When nbsmtp is executed in debug mode, server messages
will be printed to stdout and logged via syslog. Syslog is
used insecurely and user-supplied format characters are
directly fed to the syslog function, which results in a
format string vulnerability.
Under some circumstances, an SMTP server may be able to
abuse this vulnerability in order to alter the nbsmtp
process and execute malicious code.