COMMAND

    write(2)

SYSTEMS AFFECTED

    Any Linux kernel as of 1.2.13/

PROBLEM

    write(2) does not clear the  setuid bit of files when  called. You
    can overwrite world writable  setuid files with anything  you want
    and keep them setuid.