This was reported by Dan Ingevaldson, team leader of X-Force research and development at ISS, who first discovered the vulnerability.
http://www.linuxworld.com/go.cgi?id=741963"What makes the new vulnerability particularly pernicious is that attackers would need to know little about the server they were attacking other than its Internet address.
It's quite a dangerous vulnerability because an exploit could be contained in the e-mail message itself. The attacker doesn't need to set up an elaborate system to launch the attack. They could just send an e-mail message to a server, and if the server is vulnerable the attack would be launched.
The combination of freely visible source code, a severe and remotely exploitable vulnerability, and an enormous installed base of vulnerable servers make the new Sendmail vulnerability an extremely high-value target for the hacking community, according to Ingevaldson.
That means that it is critical for affected organizations to patch their servers.
Once an exploit is published, all bets are off. The window of vulnerability has decreased. there have been some very robust powerful exploits released within a few months of the exploit being published, so if patching was not a big deal before, it is now."
Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
