CVE-2001-1091
The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
Date published : 2002-03-15
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-014.txt.asc