See the URL. Alternatively, see the Bugtraq post in which this was recently reported: http://www.securityfocus.com/archive/1/140614 This also illustrates the hazards of 1) Binaries not owned by root 2) Re-use of the same uid for different purposes/subsystems
This was fixed in an old groff update for 6x and 5x, get the latest updates, install, and this is gone.