> Please refrain from disclosing bug particulars on an email list.
> All we need is to have hackers get the inside poop on a hole faster
> than we can patch it.
OK, here's one: we don't run Sun's sendmail, we run an older Berkeley
version. How am I supposed to find out if our system is vulnerable also
unless I can find out more about the bug? It seems to me that if, as
the CERT announcement states, the hole is ALREADY being widely exploited,
concerns about hackers finding out how to exploit it should take a back
seat to helping the guys in the white hats close the hole.