daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests.
https://www.redhat.com/archives/cluster-devel/2007-June/msg00130.html