Risk: High
The flaw has been found in certain versions of sendmail Mail Transfer Agent (MTA) and UNIX and Linux products that contain it. It may enable amendments of timing conditions to enable an attacker to execute arbitrary code or commands. Those systems affected could have programs or data deleted, modified or exposed.
On its website, sendmail states that it is currently working on patches and has taken the following measures to resolve the flaw:
1. Implemented and certified software patches for open source sendmail MTA versions 8.12 and 8.13
2. Implemented and certified software patches/upgrades for impacted commercial sendmail products
3. Worked with ISS to validate the developed patches and assure their effectiveness
4. Collaborated with CERT/CC to notify and provide other vendors who use the sendmail MTA with the required source code patches
Full details of the affected versions and updates are available at http://www.sendmail.com/company/advisory/index.shtml