COMMAND

    sendmail

SYSTEMS AFFECTED

    SunOS 4.1.*

PROBLEM

    sendmail(8)  on  SunOS  4.1.X  systems  when using the -oR option,
    uses  popen()  to  return  undeliverable  mail. Local unprivileged
    users can use this to  obtain root access. This vulnerability  has
    been  verified  as  being  present  in  Sun sendmail including the
    current  patches  (currently   at  100377-19  (4.1.3),   101665-04
    (4.1.3_U1), 102423-01 (4.1.4)) as of the time of this printing.