ld.so from Solaris 9 and 10 does not check the LD_AUDIT environment variable when running setuid and setgid binaries, allowing a malicious party to run arbitrary code with elevated privileges.
99095146827726d63bfcc4635cf1196f0a332c6fd871b51f211d97645f2ae3c8