Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7606
http://www.securityfocus.com/bid/3580