2000-10-13 04:00:00
mitre
PUBLISHED
xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.