This showed up in my mailbox last night. Anyone know any details? benjamin Begin forwarded message: From: Izumi Ohzawa <izumi@pinoko.berkeley.edu> Date: Mon, 14 Mar 1994 16:58:06 -0800 To: next-managers@stolaf.edu Subject: Security problem in sendmail versions 8.x.x Reply-To: izumi@pinoko.berkeley.edu Precedence: bulk FYI, If you are running sendmail 8.x.x, you should take note of the following posting, and get version 8.6.7 ASAP. NeXT's sendmail version 5.67e doesn't have the bug, and is the version you should be using if you are sticking with NeXT's. To find what version of sendmail a host is running, do: "telnet hostname 25", then type 'quit'. Izumi Ohzawa --------------------------------------------------------------- >From: eric@CS.Berkeley.EDU (Eric Allman) >Newsgroups: comp.mail.sendmail,comp.security.unix >Subject: sendmail 8.6.7 released >Date: 14 Mar 1994 17:52:56 GMT >Organization: UC Berkeley Mammoth Project >Message-Id: <2m289o$cre@agate.berkeley.edu> > >I regret that someone reported a nasty security problem to me less >that 24 hours after I released sendmail 8.6.6. This bug is present >in all sendmail version 8 versions prior to 8.6.7, as well as in >many vendor versions. It does not exist in IDA sendmail. I urge >you to upgrade before the cracker scripts start circulating around >the network. Sorry for the inconvenience -- I only heard about this >an hour ago myself. > >Sendmail 8.6.7 is available on FTP.CS.Berkeley.EDU in /ucb/sendmail. > >eric -------------------- THE FOLLOWING IS ADDED AUTOMATICALLY -------------------- NeXT-Managers is a self-moderated list. Please be considerate of the agreed policies: send replies to original author only, who will summarize responses; do not send NeXT-Mail postings; time-critical requests only. A searchable archive of next-managers postings is available from "gopher.stolaf.edu" in "Internet Resources/St. Olaf Sponsored Mailing Lists/NeXT-Managers" Send questions and requests to: next-managers-request@stolaf.edu