sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html