Matt Welsh sgmltool Symlink Vulnerability

sgmltool is a suite of programs used in processing and converting SGML files to other formats.

An sgmltool component makes insecure use of temporary files.

If an attacker can determine the name of the temporary file prior to its creation, a symbolic link could be created pointing to a target file for which the sgmltool process owner has write permissions.

In this event, sgmltool will overwrite the contents of the target file with its own output.
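
The overwrite described above, alongside two ways of creating the temporary file that refuse a pre-existing symlink, as an added example. This is not sgmltool's code: the function names and file names are constructed for illustration, and everything runs inside a private scratch directory.

```python
import os
import tempfile

def write_insecure(path, data):
    # Pattern from the advisory: open() follows a symlink already sitting at
    # the predictable name and truncates whatever file it points to.
    with open(path, "w") as f:
        f.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails with EEXIST if the name exists, symlinks included,
    # so a pre-planted link is never followed.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def write_unpredictable(directory, data):
    # mkstemp() picks a random name and creates it with O_EXCL, mode 0600.
    fd, path = tempfile.mkstemp(prefix="sgml-", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def read(path):
    with open(path) as f:
        return f.read()

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:      # private scratch directory
        target = os.path.join(d, "target.txt")    # constructed victim file
        tmp_name = os.path.join(d, "sgmltmp.1234")  # constructed predictable name
        write_insecure(target, "original")
        os.symlink(target, tmp_name)              # link exists before the tool runs
        write_insecure(tmp_name, "converter output")
        results["insecure_target"] = read(target)
        write_insecure(target, "original")        # reset, then try the safe open
        try:
            write_exclusive(tmp_name, "converter output")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        results["exclusive_target"] = read(target)
        safe_path = write_unpredictable(d, "converter output")
        results["unpredictable_is_link"] = os.path.islink(safe_path)
    return results

if __name__ == "__main__":
    print(demo())
```

With the exclusive open, the tool fails with an error instead of writing through the link, so the caller should treat `FileExistsError` on a temporary file as a sign of tampering or a stale file rather than retrying with the same name.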


