Red Hat Security Advisory RHSA-2003:073-06 - Sendmail v5.79 to 8.12.7 contains a remote root vulnerability in the parsing of mail headers. MTAs other than Sendmail may pass on the carefully crafted message, causing unpatched versions of Sendmail inside a network could still be at risk even if they do not accept external connections directly. In addition, the restricted shell (SMRSH) in Sendmail allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after "||" sequences or "/" characters, which are not properly filtered or verified, allowing local attackers to execute arbitrary binaries via a .forward file.
cc7bc8f2ea5379e8b7b54cda946161337e85f4143d2b26c682d6e551a5e66667