Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
RPMMail contains a flaw that may allow a malicious user to obtain a root-shell. The issue is triggered when sending a mail with Shell metacharacters in the "MAIL FROM".
Upgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
This version of rpmmail should not be vulnerable to this attack: