Sendmail Identd Bug contents.gifindex.gif

Sendmail Identd Bug

An intruder can gain access through sendmail when it uses identd to find remote users' names. The intruder can execute commands on your system. Sendmail tries to contact the identd daemon on the scanning machine. The scanner then tells sendmail to mail the passwd file of the scanned machine to the user (usually root or postmaster) of the scanned machine.

See Recipients for information on how to specify recipients.

Risk: High

Fix: Ask your vendor for the sendmail patches or upgrade to sendmail 8.7.1.

Advisories: CA-96.20.sendmail_vul

For new version of sendmail: Sendmail