>From what I've heard, this bug effects all sendmail using the ForceMail
variable in recipient.c . This bug is apparently cleared in the 8.6
source, and can be cleared either by clearing it and rebuilding ( if you've
got the SunOS source ) or by the patches that I'm sure everybody already
Boy, I was sure fond of the word "clear" in that last paragraph ;).
Does anyone have more info on the sendmail vulnerability announced by
CERT yesterday? What's the hole? Does it only concern TCP connections
into sendmail? Or can forwarded mail be used to exploit it? CERT
hinted the former to me on the phone, but I'd like any perspectives on
this from someone who knows.