setuid() return code is not checked. It makes it possible to execute code with root privileges by exhausting user limits.
vulners.com/securityvulns/securityvulns:doc:12830
vulners.com/securityvulns/securityvulns:doc:13436
vulners.com/securityvulns/securityvulns:doc:13437