> The attacker must craft in architecture specific binary code the
> commands (or 'shellcode') to be executed with higher privilege. The
> attacker must then run the program, using the '-d' flag to overwrite a
> function return address with the location of the supplied shellcode.
>
>
> Restrict local access to trusted users only.
>
> Note that this problem is not remotely exploitable.
> Additionally, sendmail 8.12 will no longer use a set-user-id root
> binary by default.
> --------------------
>

Agreed it's an issue. But looking at the above there shouldn't be a huge
issue unless you're handing out shell accounts.

Curtis
_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
