According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue even if he is not allowed to access those information directly, by running sendmail -q -d0-nnnn.xxx where nnnn & xxx are debugging levels. If users are not allowed to process the queue (which is the default) then you are not vulnerable.

upgrade to the latest version of Sendmail or do not allow users to process the queue (RestrictQRun option) Note : This vulnerability is _local_ only