COMMAND

    sendmail

SYSTEMS AFFECTED

    Most UNIXes running an old or improperly configured sendmail
    daemon

PROBLEM

    The file /etc/aliases contains aliases for various mail accounts
    (among other things). One of these is an alias for decode.
    Anything sent to decode@victim.com will be decoded. Since decode
    runs as root by default on many systems, this could be
    particularly nasty. One could send an encoded /etc/passwd file
    to decode@victim.com, and the alias would decode it and overwrite
    the password file with the new one.

    Remote users could gain user or root access on your system.

SOLUTION

    Disable the uuencode and uudecode aliases in /etc/aliases and
    then execute "newaliases" to rebuild the alias database.
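
    One way to check a host for the condition described above, as an
    added example that is not part of the original advisory: the
    function reads an aliases file and reports any active decode,
    uudecode or uuencode alias and any alias that pipes mail to a
    program. The sample file contents and the wrapper path are
    constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a sendmail aliases file for decode-style aliases.
# Prints one "<alias> <reason>" line per finding.

audit_aliases() {
    # $1: aliases file to read, "-" for stdin (default: /etc/aliases)
    awk '
    function flush(   name, rhs, i) {
        i = index(entry, ":")
        if (i > 0) {
            name = tolower(substr(entry, 1, i - 1))
            rhs  = substr(entry, i + 1)
            gsub(/[ \t"]/, "", name)
            if (rhs ~ /uudecode/)
                print name, "pipes-to-uudecode"
            else if (name ~ /^(decode|uudecode|uuencode)$/)
                print name, "decode-alias-name"
            else if (rhs ~ /(^|[ \t,"])\|/)
                print name, "pipes-to-program"   # review by hand
        }
        entry = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comment or blank line
    /^[ \t]/       { entry = entry " " $0; next } # continuation of an entry
                   { flush(); entry = $0 }        # start of a new entry
    END            { flush() }
    ' "${1:-/etc/aliases}"
}

# Constructed sample input; the paths and names are made up for the demo.
sample_aliases() {
    cat <<'EOF'
postmaster: root
#uudecode: "|/usr/bin/uudecode"
decode: "|/usr/bin/uudecode"
lists: "|/usr/local/bin/wrapper post",
    admin
ops: alice, bob
EOF
}

sample_aliases | audit_aliases -
```

    Called with no argument, audit_aliases reads /etc/aliases. A
    commented-out alias is treated as disabled and is not reported.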