anyone know details?

Perry E. Metzger (
Tue, 15 Mar 1994 14:58:10 -0500

Xref: comp.mail.sendmail:11850
From: eric@CS.Berkeley.EDU (Eric Allman)
Newsgroups: comp.mail.sendmail,
Subject: sendmail 8.6.7 released
Date: 14 Mar 1994 17:52:56 GMT
Organization: UC Berkeley Mammoth Project
Lines: 11
Sender: eric@mastodon.CS.Berkeley.EDU (Eric Allman)
Distribution: world
Message-Id: <2m289o$>
Reply-To: eric@CS.Berkeley.EDU

I regret that someone reported a nasty security problem to me less
that 24 hours after I released sendmail 8.6.6.  This bug is present
in all sendmail version 8 versions prior to 8.6.7, as well as in
many vendor versions.  It does not exist in IDA sendmail.  I urge
you to upgrade before the cracker scripts start circulating around
the network.  Sorry for the inconvenience -- I only heard about this
an hour ago myself.

Sendmail 8.6.7 is available on FTP.CS.Berkeley.EDU in /ucb/sendmail.