Pete Randall posted an excellent article from SANS with a great explanation:
--Sendmail Vulnerability Demonstrates New DHS Capabilities
(3 March 2003)
A vulnerability was reported in Sendmail that allows root access simply
by sending a specially crafted email. Action by the Department of
Homeland Security and affected vendors led to a coordinated program for
patch development, early warning for critical infrastructure industries
and government agencies, and broad information dissemination, while
maintaining secrecy until the SANS web broadcast features people from sendmail.com, ISS, SourceFire, and the SANS faculty experts answering questions about the
vulnerability, what systems are vulnerable, and what can be done to
protect Sendmail beyond patching.
Thanks again, Pete.
Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
