In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0203