chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root.Referenceshttp://online.securityfocus.com/archive/1/251763http://www.securityfocus.com/bid/3938https://exchange.xforce.ibmcloud.com/vulnerabilities/7976
