buffer overflow in vsyslog(), by the ident string previously set with openlog(), exploitable via some versions of /bin/su (for example, the version that comes with Slackware 3.1)