On Fri, 24 Feb 1995, Igor V. Semenyuk wrote: > > Does anyone know if IDA sendmail is vulnerable? CERT advisory > doesn't mention it - is it because IDA considered obsoleted or > because it is clean? One would be safer to assume it is vulnerable until it's proven safe... Eric did say "probably all sendmail's, including most vendor's version 5 derived ones" - IDA is a version 5 sendmail derivative too. If it was fixed in IDA first, the chances are that somebody going through the RCS logs would have picked this up ages ago.. -Peter