Atstake Security Advisory A041003-1 - MacOS X DirectoryService, which runs setuid as root, uses a system() to execute the touch command without properly using a full path. Due to this, a local attacker can execute commands as root.
ca8fa585c5c12890f30e767074ee9e77851c6c136557059afdae4911aeae24fd