Red Hat Bugzilla – Bug 19509
lpr: another local root compromise
Last modified: 2007-04-18 12:29:26 EDT
See the URL.
Alternatively, see the Bugtraq post in which this was recently reported:
This also illustrates the hazards of
1) Binaries not owned by root
2) Re-use of the same uid for different purposes/subsystems
This was fixed in an old groff update for 6x and 5x,
get the latest updates, install, and this is gone.