A buffer overflow exists in the implementation of the 'man' program shipped with RedHat Linux, and other LInux vendors. By carefully crafting a long buffer of machine executable code, and placing it in the MANPATH environmental variable, it becomes possible for a would be attacker to gain egid man.
This has been reported and fixed a couple of months ago. We didn't release an errata package because it is non-critical; at the very worst, someone getting gid man can present false man pages to users who access the previously generated man page cache instead of rebuilding the man pages. *** This bug has been marked as a duplicate of 9892 ***