GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.Referenceshttp://archives.neohapsis.com/archives/bugtraq/2000-07/0389.htmlhttp://www.securityfocus.com/bid/1516http://marc.info/?l=bugtraq&m=96473640717095&w=2http://www.debian.org/security/2000/20000727
