sysreport creates a temporary directory in an insecure manner.
ROOT should be something like
ROOT=`mktemp -d /tmp/sysreport.XXXXXXXX`
It is possible for a local attacker to cause a race condition and trick
sysreport into writing its output to a directory the attacker can read.
This issue should also affect RHEL2.1 and RHEL3.
This issue was discovered by Bill Stearns.
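The mktemp -d approach suggested in the report, as an added example (not sysreport's code or the shipped fix). The function names make_report_root, perms and demo and the sandbox paths are illustrative assumptions; the demo also contrasts mkdir -p, which silently accepts a directory that already exists.

```shell
#!/bin/sh
# Added example: private scratch directory for a report-collecting script.

# Print the permission string of a path, e.g. "drwx------".
perms() {
    ls -ld -- "$1" | cut -c1-10
}

# Create a fresh directory under $1 (default: $TMPDIR or /tmp) and print it.
# mktemp -d picks an unpredictable name and creates the directory atomically,
# accessible only to its owner; on failure we return non-zero instead of
# falling back to a fixed name.
make_report_root() {
    base=${1:-${TMPDIR:-/tmp}}
    root=$(mktemp -d "$base/sysreport.XXXXXXXX") || return 1
    # Defence in depth: a real directory (not a symlink) owned by this user.
    if [ -L "$root" ] || [ ! -d "$root" ] || [ ! -O "$root" ]; then
        return 1
    fi
    printf '%s\n' "$root"
}

# Contrast inside a constructed sandbox: a guessable name that already exists
# is accepted by mkdir -p, refused by plain mkdir, and never reused by mktemp.
demo() {
    sandbox=$(mktemp -d) || return 1
    planted="$sandbox/sysreport.12345"   # constructed stand-in for a guessable name
    mkdir "$planted" && chmod 755 "$planted"
    if mkdir -p "$planted" 2>/dev/null; then
        echo "mkdir -p:  accepted existing $(perms "$planted") directory"
    fi
    if ! mkdir "$planted" 2>/dev/null; then
        echo "mkdir:     refused, name already exists"
    fi
    ROOT=$(make_report_root "$sandbox") || return 1
    echo "mktemp -d: created $(perms "$ROOT") $ROOT"
    rm -rf "$sandbox"
}

demo
```

A caller should abort when make_report_root returns non-zero rather than continue with an empty ROOT.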
It's now fixed in sysreport-1.3.15-3 (RHEL4), sysreport-126.96.36.199-7 (RHEL3) and
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
sysreport-1.4.1-5 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.