[原文]The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities.
Sophster contains a flaw that may allow a malicious user to modify file attributes. The issue is triggered when the change permissions tool is used on files with special UID/GID and sticky bits. It is possible that the flaw may allow arbitrary file access resulting in a loss of confidentiality.
Upgrade to version 0.9.6-r5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.