Summary: Eject could be made to run programs as an administrator.
Software description: eject - ejects CDs and operates CD-Changers under Linux
Details: Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator.

http://www.ubuntu.com/usn/usn-3246-1/