CVE-2000-0786 Information

Description

GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.

Reference

http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html http://marc.info/?l=bugtraq&m=96473640717095&w=2 http://www.debian.org/security/2000/20000727 http://www.securityfocus.com/bid/1516