Qualys has put out an advisory regarding a vulnerability in OpenBSD’s
OpenSMTPD mail server. It “allows an attacker to execute arbitrary shell
commands, as root: either locally, in OpenSMTPD’s default configuration (which listens on
the loopback interface and only accepts mail from localhost);
or locally and remotely, in OpenSMTPD’s ‘uncommented’ default
configuration (which listens on all interfaces and accepts external
mail).” OpenBSD users would be well advised to update quickly.

Source: LWN.net – Unpleasant vulnerability in OpenSMTPD