Debian Linux Security Advisory 3149-1 - Florian Weimer, of Red Hat Product Security, discovered an issue in condor, a distributed workload management system. Upon job completion, it can optionally notify a user by sending an email; the mailx invocation used in that process allowed for any authenticated user able to submit jobs, to execute arbitrary code with the privileges of the condor user.
d67dc19e1a51dcc33a68b430ffc86de24f5824b229425ade21a664c4eb4718b1