Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.
Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.