A remote code execution vulnerability in qmail

Just in case anybody out there is still using qmail: a remote codeexecution vulnerability has just been disclosed. Its CVE number isCVE-2005-1513 because, as it turns out, the problem was reported 15 yearsago but the fix was refused by the maintainer."As a proof of concept, we developed a reliable, local and remote exploitagainst Debian's qmail package in its default configuration. This proofof concept requires 4GB of disk space and 8GB of memory, and allows anattacker to execute arbitrary shell commands as any user, except root(and a few system users who do not own their home directory)."