Red Hat Linux 2.1 - Local Command Execution via Trojan Horse Program in Relative Path
abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.