Stack-based buffer overflow in op before Changeset 563, when xauth support is enabled, allows local users to gain privileges via a long XAUTHORITY environment variable.
https://exchange.xforce.ibmcloud.com/vulnerabilities/43836
http://www.securityfocus.com/bid/30226