rgmanager is vulnerable to privilege escalation. The vulnerability exists as it was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549
secunia.com/advisories/43372
security.gentoo.org/glsa/glsa-201110-18.xml
www.redhat.com/support/errata/RHSA-2011-0264.html
www.redhat.com/support/errata/RHSA-2011-1000.html
www.redhat.com/support/errata/RHSA-2011-1580.html
www.vupen.com/english/advisories/2011/0416
access.redhat.com/errata/RHSA-2011:0264
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=639044