By using invalid handling of error condition it's possible to obtain superuser privileges.
vulners.com/securityvulns/securityvulns:doc:6191
vulners.com/securityvulns/securityvulns:doc:6206