------------------------------------------------------------------------
BCSA 013       Badly Coded, Inc. Security Advisory       March 4th, 2019
------------------------------------------------------------------------

BCSA-013: Backdoor address in BCMTA 1.0 allows root execution

Affected versions: 1.0 and earlier
Fixed versions: 1.1 and later

It has come to our attention that version 1.0 of BCMTA contains a
special case for a particular email address: emails sent to that
address are not delivered normally, but are instead executed by a shell
with BCMTA's privileges. In the default configuration, where BCMTA runs
as root, this allows local privilege escalation as well as remote root
execution.

Using our internal records, we have identified the developer
responsible for this feature, and that individual is no longer with the
company.

We would like to acknowledge a number of students from the University
of Minnesota's Computer Science and Engineering 5271 course who
reported this vulnerability.

All BCMTA users are advised to upgrade at their earliest convenience.