My understanding is that the latest sendmail problem involves use of very large numbers (larger than the maximum value of a signed int but smaller than the max value of unsigned int) to the -d flag, which results in overwriting locations in memory before the debug array. It looks to me like this requires quite a bit of sophistication to exploit, but of course we all know that it won't be long before all the serious crackers know how to make use of it. The hole will allow an ordinary user already logged on to become root; there is no evidence that it can be exploited over an SMTP connection. --Greg