From owner-freebsd-security  Thu Aug 17 20:59:30 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id UAA27700
          for security-outgoing; Thu, 17 Aug 1995 20:59:30 -0700
Received: from palmer.demon.co.uk (palmer.demon.co.uk [158.152.50.150])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id UAA27693
          for <freebsd-security@freebsd.org>; Thu, 17 Aug 1995 20:59:18 -0700
Received: from localhost (localhost [127.0.0.1])
	  by palmer.demon.co.uk (8.6.11/8.6.11) with SMTP id EAA08629
	  ; Fri, 18 Aug 1995 04:58:53 +0100
X-Message: This is a dial-up site. Quick responses to e-mails should
           not be relied upon. Thanks!
To: ywliu@beta.wsl.sinica.edu.tw
cc: freebsd-security@freebsd.org
Subject: Re: (fwd) CERT Advisory CA-95:08 - Sendmail v.5 Vulnerability 
In-reply-to: Your message of "Fri, 18 Aug 1995 09:56:21 +0800."
             <199508180207.TAA23558@freefall.FreeBSD.org> 
Date: Fri, 18 Aug 1995 04:58:51 +0100
Message-ID: <8627.808718331@palmer.demon.co.uk>
From: Gary Palmer <gary@palmer.demon.co.uk>
Sender: security-owner@freebsd.org
Precedence: bulk

In message <199508180207.TAA23558@freefall.FreeBSD.org>, ywliu@beta.wsl.sinica.
edu.tw writes:
>I just wonder I am using 2.05R, do I need to switch to sendmail 8.6.12 ?

FreeBSD 2.0.5 or later will not be vunerable to the described attack,
as it ships with sendmail 8.6.11 or later (which, according to the
CERT posting, are `safe' versions).

If you are particularly paranoid, you can grab sendmail 8.6.12 from
ftp://ftp.cs.berkeley.edu/pub/src/sendmail (I think). It should
compile under FreeBSD without trouble (I've done it before a couple of
times). Alternatively, 8.6.12 is also in the -current FreeBSD source
tree, available from all good SUP servers and FTP mirrors.

Gary