sendmail-8.13.6 was released to address a recently discovered vulnerability. To quote the announcement: This vulnerability may permit a specifically crafted attack to take over the sendmail MTA process, allowing remote attackers to execute commands and run arbitrary programs on the system running the MTA, affecting email delivery, or tampering with other programs and data on this system....This connection-oriented vulnerability does not occur in the normal course of sending and receiving email. It is only triggered when specific conditions are created through SMTP connection layer commands. References: http://www.sendmail.org/8.13.6.html http://www.sendmail.com/company/advisory/index.shtml http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
Thx for the notification. However this is already fixed. *** This bug has been marked as a duplicate of 125623 ***
*** Bug 127324 has been marked as a duplicate of this bug. ***