GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
http://www.securityfocus.com/bid/1516
http://www.debian.org/security/2000/20000727
http://marc.info/?l=bugtraq&m=96473640717095&w=2
http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html