ISS goes to AlertCon3

Internet Security Systems has announced that a serious threat to one of the most popular email handling programs mean that web administrators need to take immediate action to protect their servers.

  • E-Mail
By  Mark Sutton Published  March 5, 2003

Internet Security Systems (ISS) is warning businesses that they need to take immediate action to guard against two security vulnerabilities that are being exploited by hackers. ISS is so concerned about the vulnerabilities in Sendmail and Snort that it has moved the current threat rating to AlertCon 3, to indicate a threat that require immediate action.

The security vulnerability in Sendmail, a very common email program that handles 50-75% of the world’s Internet traffic, means that the mail transfer agent is vulnerable to buffer overflow attacks. A buffer overflow attack can allow hackers to obtain ‘root’—control of a computer at the highest level. ISS recommends installing a patch, available through the company’s web site, to remedy the situation.

The second threat relates to Snort, an open source Intrusion Detection System, that should check for unauthorised traffic on server. However, owing to a security vulnerability, Snort is also threatened by buffer overflows. Again ISS has a patch available to prevent this from happening.

For more details on both vulnerabilities see www.iss.net.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code