Assorted sendmail vulnerabilities.
With almost every sendmail version that was built before February 1998,
a malicious user can gain unauthorized privileges by exploiting
newlines in command-line arguments or in the process environment or in
buffer overflow attacks. Intruders need not have access to an account on
your system to exploit this problem.
Another exploit involves using sendmail to generate a buffer overflow
in the syslog facility.
- Replace sendmail by a more recent version, for example from
www.sendmail.org, or use a corrected version from
- Follow vendor instructions in the numerous advisories from