source: wwwsecurityfocuscom/bid/832/info
here are three buffer overflow vulnerabilities in the CDE mail utilities, all of which are installed sgid mail by default
The first is exploited through overrunning a buffer in the Content-Type: field, which would look something like this:
Content-Type: image/aaaaaaaa long 'a' aaaaaa; name="test ...