Local user can bypass root directory protection, buffer overflow on S/Key authentication.
vulners.com/securityvulns/securityvulns:doc:5868