chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges.Referenceshttp://www.securityfocus.com/archive/1/415725/30/0/threadedhttp://www.osvdb.org/20525http://secunia.com/advisories/17469http://www.securityfocus.com/bid/15314
