Security Flaws Found in Unix Software Also Included In Mac OS X

W hile Microsoft users have had a pretty bad time of it of late dealing with infestations of worms and viruses, users of other operating systems have been sitting back in a sense of security, believing that their OS is less vulnerable to malicious attack. As if to prove how wrong that belief may be, vulnerabilities in two widely used Open Source applications common in Linux and Unix, have been shown to have flaws that could be exploited by crackers.

C|Net is reporting that Atlanta based Internet Security Systems has found a flaw in Sendmail, a very common Unix server based application for handling e-mail. If youill recall, last week a flaw was found in OpenSSH, another commonly used application. From the C|Net article, Security experts find open-source flaws:

Although Microsoft Windows vulnerabilities get most of the headlines, researchers this week identified vulnerabilities in two commonly used open-source software products .

The more serious of the vulnerabilities affects Sendmail, an open-source program for managing e-mail. The vulnerability lies in the way the e-mail server software parses e-mail headers, said Dan Ingevaldson, engineering manager for Internet Security Systems in Atlanta.

"Itis an extremely serious vulnerability," Ingevaldson said, adding that computer attackers could probably exploit it. It is less clear, he said, whether a separate flaw in OpenSSH, also discovered this week, can be exploited.

It may remain theoretical, it might prove to be exploitable," he said of the flaw in OpenSSH, which is used by network managers to log in remotely and gain encrypted access to computers and other networked devices.

The article points out that there is some question to whether the Open SSH flaw is exploitable by crackers. You can read the entire article at C|Net.

Sendmail is used in Mac OS X server as the default mail server. It is also included in the desktop version of Mac OS X, though it is not turned on by default, and requires some command line skills for a user to do so. OpenSSH is included in Mac OS X and Mac OS X Server, and is one of the technologies used to remotely access Mac OS X or other *nix OSes, to or from a Mac OS X box.