Florian Weimer, of Red Hat Product Security, discovered an issue in
condor, a distributed workload management system. Upon job completion,
it can optionally notify a user by sending an email; the mailx
invocation used in that process allowed for any authenticated user
able to submit jobs, to execute arbitrary code with the privileges of
the condor user.