From Net-Security.org: "Certain variables were treated as signed values, but
should have been unsigned. Bounds checking was not done
when incrementing an index.
Combined with supplied command-line arguments, a local
user could exploit the setuid-root sendmail binary and the
lack of bounds checking to perform a root compromise."