Oliver Peter wrote:
A race condition exists in sendmail's handling of asynchronous signals.
A remote attacker may be able to execute arbitrary source code with the
privileges of the user running sendmail, typically root.

Excuse my question - I don't want to attack our loved project but does
that mean that we've got a second remote hole? Don't kick my ass.

Not in the default install. :) From afterboot(8):
"For the default installation, sendmail is configured to only accept
connections from the local host and to not accept connections on any
external interfaces."