Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.
https://exchange.xforce.ibmcloud.com/vulnerabilities/15335
http://www.securityfocus.com/bid/9776
http://www.securityfocus.com/bid/9756