wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.Referenceshttp://www.securityfocus.com/bid/3658http://www.debian.org/security/2001/dsa-092http://www.iss.net/security_center/static/7669.php
