A Mandrake advisory, posted at Linux Weekly News: "Tarhon-Onu Victor found a problem in /bin/login's PAM implementation.
It stored the value of a static pwent buffer across PAM calls, and when
used with some PAM modules in non-default configurations (ie. using
pam_limits), it would overwrite the buffer and cause the user to get
the credentials of another user."
November 2, 2001