Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.