SuSE YaST Online Update Insecure Temporary File Creation Vulnerability
SuSE YaST Online Update reportedly creates temporary files in an insecure manner.
The source of the problem is that the online_update program will create temporary files using predictable filenames in a world writeable location (/usr/tmp).
Since these file names are static, it may be trivial for an attacker to create a symbolic link in its place. A malicious local user could take advantage of this issue by mounting a symbolic link attack to corrupt other system files, most likely resulting in destruction of data.
The vendor has reported that the problem is present in SUSE Linux 8.2 and 9.0.