I wonder why there's no info on Security Focus about this yet.. Even sendmail seems lax in their disclosure.. On their site they just says:
Sendmail 8.12.8 is available; it contains a fix for a critical security problem in header parsing discovered by Mark Dowd of ISS X-Force; we thank ISS X-Force for bringing this problem to our attention. Sendmail urges all users to either upgrade to sendmail 8.12.8 or apply a patch for 8.12.
No other docs on the issue...
On the other hand CERT sure is sending the message loud and clear.. <g>
Thanks Michael for the patch, I'm going to go grap that right now and toss it on the box..
_______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
