daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests.
Related posts