COMMAND

    who

SYSTEMS AFFECTED

    RedHat Linux 5.1, FreeBSD

PROBLEM

    Paul Boehm found following.  The 'who' program is on some  systems
    in a privileged group  which is allowed to  read utmp.  On  redhat
    linux 5.1 you  can easily crash  who by many  different ways (e.g.
    try who /bin/bash).   On FreeBSD you can  use it to view  parts of
    the  content  of  files  that  privileged  group may read (try who
    /privileged/group/file).

SOLUTION

    This is no big deal  with security, but gaining a  more privileged
    group sometimes may be the key to root compromise.