See the URL.
Alternatively, see the Bugtraq post in which this was recently reported:
This also illustrates the hazards of
1) Binaries not owned by root
2) Re-use of the same uid for different purposes/subsystems
This was fixed in an old groff update for 6x and 5x,
get the latest updates, install, and this is gone.