Debian GNU/Linux Sendmail Package Default SASL Password Vulnerability

Debian GNU/Linux Sendmail Package Default SASL Password Vulnerability

It is reported that the Sendmail package contained in the Debian GNU/Linux operating system is prone to a default password vulnerability, potentially allowing unauthorized use of the Sendmail MTA. This would likely facilitate UCE (Unsolicited Commercial Email, or SPAM) message relaying through affected installations.

Versions of the Debian Sendmail packages prior to 8.12.3-7.1 for Debian stable (woody), and versions prior to 8.13.1-13 for Debian unstable (sid) are reported vulnerable.