> I just got the new sendmail bug alert from CERT, and of course > it may affect my configuration - which leads to the question, does > anybody know what the problem is so I can temporarily defend my system? I don't have any real information, but my guess is that this is the same problem as [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995, and that use of smrsh is an excellent defense against the bug. 8lgm hasn't published an exploit for this problem, even though they said they passed the exploit on to CERT over three months ago. It's a shame to have to give up IDA.... V8 doesn't do username-hiding nearly as well. -- Tom Fitzgerald 1-508-967-5278 Wang Labs, Billerica MA, USA fitz@wang.com