Davfs2, a filesystem client for WebDAV, calls the function system insecurely while is setuid root. This might allow a privilege escalation.