Oliver Peter wrote:
On Thu, Mar 30, 2006 at 05:08:11PM -0700, Peter Valchev wrote:A race condition exists in sendmail's handling of asynchronous signals. A remote attacker may be able to execute arbitrary source code with the privileges of the user running sendmail, typically root.Excuse my question - I don't want to attack our loved project but does that mean that we've got a second remote hole? Don't kick my ass.
By default sendmail only listens on the local interface. Hans