From owner-freebsd-security Tue Jul 2 19:36:29 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA01130 for security-outgoing; Tue, 2 Jul 1996 19:36:29 -0700 (PDT)
Received: from biblioteca.campus.unal.edu.co ([200.21.26.198]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id TAA01103 for ; Tue, 2 Jul 1996 19:36:23 -0700 (PDT)
Received: by biblioteca.campus.unal.edu.co (AIX 3.2/UCB 5.64/4.03) id AA15817; Tue, 2 Jul 1996 21:34:27 -0400
Date: Tue, 2 Jul 1996 21:34:27 -0400 (EDT)
From: "Pedro F. Giffuni S."
To: security@freebsd.org
Subject: Sendmail cracked!
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hello:

I am running Kerberos and DES, but to my surprise my 2 FreeBSD's and my AIX's received me with a funny message: /etc/motd was modified and wtmp erased.

I knew I was under attack before because of some failed logins on my fbsds, and strange "cannot execute" messages in my AIX's root mail. By the message I received, I know other computers in the campus are cracked also.

My solution was securing sendmail by running it in the inetd.conf with tcp_wrappers. It is a last moment solution... Is there a new sendmail, a patch, or a configuration option?

regards,

Pedro.