Meanwhile our real public mail server is vulnerable because
it runs Netscape mail (netra runs solaris 2.4 until SunSoft
gets our copy of 2.5.1 application server off back order;
Solaris sendmail may be older, the latest one is 8.8.5:
ftp://ftp.sendmail.org/ucb/src/sendmail/sendmail.8.8.5.tar
Its sendmail.cf is slightly different from the stock Solaris.
If you don't have the time to build, you may get a 2.5.1
sendmail binary (note, it's risky to download binaries, no
guarantees implied or expressed etc. etc.) under:
ftp://ftp.professionals.com/pub/professionals/sendmail-sunos5.4/sendmail.8.8.5
/usr/ucb/sum 37416 388 .../sendmail.8.8.5
CERT advisories on sendmail are under http://www.cert.org.
Sanjay.