>So, does anyone know anything about this new Sendmail bug other than >that it exists? If you want to know more about it, grab the sendmail-8.6.7 patch from ftp.cs.berkeley.edu. There are only 2 lines of code changed. The RELEASE_NOTES describes the change as: + SECURITY: it was possible to get root access by using wierd + values to the -d flag. Thanks to Alain Durand of + INRIA for forwarding me the notice from the bugtraq + list. Presumably this can only be exploited on the local machine to allow a non-root user to become root. -harry ------------------------------------------------------------------------------ Spoken: Harry Mantakos Domain: harry@cs.umd.edu UUCP: uunet!mimsy!harry Phone: 301-405-2750 USPS: U of Maryland, CS Dept., College Park, MD 20742