Due to a problem with the code in crontab, a buffer overflow exists that allows a user to overwrite the information in a saved stack frame. When the function returns, the saved frame is popped off of the stack and user supplied code can be executed.