Although Microsoft Windows vulnerabilities get most of the headlines, researchers this week identified vulnerabilities in two commonly used open-source software products.
The more serious of the vulnerabilities affects Sendmail, an open-source program for managing e-mail. The vulnerability lies in the way the e-mail server software parses e-mail headers, according to Dan Ingevaldson, engineering manager for Internet Security Systems in Atlanta.
"It's an extremely serious vulnerability," Ingevaldson said, adding that computer attackers could probably exploit it. It is less clear, he said, whether a separate flaw in OpenSSH, also discovered this week, can be exploited.
News source: Cnet News - Security experts find open-source flaws