CVE 2005-3503
chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges.
See the 
CVE page on Mitre.org
for more details.
