Sendmail contains a flaw that may allow a local attacker to gain access to privileged files. The issue is due to the way Sendmail forwards mail via ~/.forward files. Accounts with a ~ in the login name, such as uucp, have world-writable home directories. If a local attacker creates a .forward file in such a home directory, they can add arbitrary commands to the file. The next time mail is sent to the account, the contents of .forward will be executed with increased privileges.
Local Access Required
Loss of Confidentiality
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: create a root-owned, mode 600 .forward file in uucp's home directory.
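
A check for the workaround above, as an added example that is not part of the original advisory: it reports whether a home directory's .forward is a regular file with the expected owner and mode 600, or whether the directory is world-writable with no .forward in place. The function name, the status words and the optional owner-UID argument (which lets the check be tried without root) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit one home directory against the .forward workaround.
# Usage: check_forward DIR [OWNER_UID]   (OWNER_UID defaults to 0, i.e. root)
# Prints one status word:
#   ok                  .forward is a regular file, owned by OWNER_UID, mode 600
#   bad-forward         .forward exists but has the wrong owner, mode or type
#   missing             no .forward and DIR is world-writable
#   not-world-writable  no .forward, and DIR is not world-writable
check_forward() {
    dir=$1
    want_uid=${2:-0}
    fwd=$dir/.forward

    [ -d "$dir" ] || { echo "no-such-dir"; return 2; }

    # -L catches a dangling symlink, which -e alone would report as absent.
    if [ -e "$fwd" ] || [ -L "$fwd" ]; then
        # ls -ldn: first 10 characters are the mode string, field 3 the numeric uid.
        mode=$(ls -ldn "$fwd" | cut -c1-10)
        uid=$(ls -ldn "$fwd" | awk '{print $3}')
        # A leading "-" means regular file, so symlinks and directories fail here.
        if [ "$mode" = "-rw-------" ] && [ "$uid" = "$want_uid" ]; then
            echo "ok"; return 0
        fi
        echo "bad-forward"; return 1
    fi

    # Character 9 of the mode string is the write bit for "other".
    case $(ls -ldn "$dir" | cut -c1-10) in
        ????????w?) echo "missing"; return 1 ;;
        *)          echo "not-world-writable"; return 0 ;;
    esac
}

# Run directly as: sh check_forward.sh /path/to/home [uid]
if [ $# -gt 0 ]; then
    check_forward "$@"
fi
```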