Xref: lehman.com comp.mail.sendmail:11850 comp.security.unix:3365 Path: lehman.com!uupsi!psinntp!news.columbia.edu!sol.ctr.columbia.edu!howland.reston.ans.net!agate!CS.Berkeley.EDU!eric From: eric@CS.Berkeley.EDU (Eric Allman) Newsgroups: comp.mail.sendmail,comp.security.unix Subject: sendmail 8.6.7 released Date: 14 Mar 1994 17:52:56 GMT Organization: UC Berkeley Mammoth Project Lines: 11 Sender: eric@mastodon.CS.Berkeley.EDU (Eric Allman) Distribution: world Message-Id: <2m289o$cre@agate.berkeley.edu> Reply-To: eric@CS.Berkeley.EDU NNTP-Posting-Host: mastodon.cs.berkeley.edu I regret that someone reported a nasty security problem to me less that 24 hours after I released sendmail 8.6.6. This bug is present in all sendmail version 8 versions prior to 8.6.7, as well as in many vendor versions. It does not exist in IDA sendmail. I urge you to upgrade before the cracker scripts start circulating around the network. Sorry for the inconvenience -- I only heard about this an hour ago myself. Sendmail 8.6.7 is available on FTP.CS.Berkeley.EDU in /ucb/sendmail. eric