Sendmail is a popular email server used by many organizations. This vulnerability allows remote attackers to execute commands as root on the system through the ident protocol.
You're affected if you use Sendmail version 8.6.9. Check with: sendmail -v or grep "ident" /etc/sendmail.cf
Note: This is a specific version of Sendmail, and other versions may not be affected.
Upgrade to Sendmail version 8.12.1 or later.
You can download the latest version from the official Sendmail website: https://www.sendmail.org/
Immediate mitigation:
- Disable ident protocol: echo "ident=NO" >> /etc/sendmail.cf
- Restrict network access to your email server (firewall it from the public internet)
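
The version and configuration checks above can be scripted for an inventory sweep. This is an added example, not part of the original advisory or the Sendmail project; the function names are hypothetical, and it assumes the operator supplies the installed version string (from the package manager or SMTP banner) as the first argument.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; version numbers are the
# two named in the advisory.
AFFECTED_VERSION="8.6.9"   # release the advisory lists as affected
FIXED_VERSION="8.12.1"     # upgrade target the advisory recommends

# ver_lt A B: succeed if dotted version A is numerically lower than B.
# Components are compared as integers, so 8.6.9 < 8.12.1; a plain string
# comparison gets this wrong because "6" sorts after "1".
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "p2"
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# classify VERSION: print a verdict relative to the advisory's two versions.
# Versions other than 8.6.9 are only reported as below or at the upgrade
# target, since the advisory does not say whether they are affected.
classify() {
    if [ "$1" = "$AFFECTED_VERSION" ]; then
        echo "affected"
    elif ver_lt "$1" "$FIXED_VERSION"; then
        echo "below-upgrade-target"
    else
        echo "at-or-above-upgrade-target"
    fi
}

# ident_lines FILE: the advisory's grep check, ignoring comment lines.
ident_lines() {
    grep -v '^[[:space:]]*#' "$1" | grep -i 'ident' || true
}

# Stand-alone use: sh check.sh VERSION [path-to-sendmail.cf]
if [ "$#" -ge 1 ]; then
    classify "$1"
    if [ -n "${2:-}" ]; then ident_lines "$2"; fi
fi
```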