Sendmail contains a flaw that may allow a remote attacker to overwrite arbitrary files. The issue is due tot he program allowing remote access to the 'decode' alias. By sending a crafted email to the alias, the sendmail program would write user-supplied content to an arbitrary file as well as set custom permissions.
Upgrade to version 5.67 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the 'decode' alias