There is a /tmp symlink vulnerability in gnorpm 0.9 shipped in Red Hat 6.2. From bugtraq id 1761:

<quote>
A vulnerability exists in versions prior to v0.95 of GnoRPM, the Gnome graphical RPM manager, involving the way gnomerpm handles tmp files. GnomeRPM creates temporary files in the world-writeable /tmp directory with predictable filenames. It is possible for a malicious user to create symbolic links in /tmp with guessed/predicted filenames, knowing in advance that GnomeRPM will be run by root. When this happens, the files pointed to by the correctly guessed symbolic links will be overwritten by GnomeRPM (as root).
<unquote>

This vulnerability is fixed in gnorpm 0.95.1 and Red Hat should upgrade to this version to fix the vulnerability.

I hope this helps,
Paul
This has been closed by Red Hat errata RHSA-2000:072-05.
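
The bug class quoted in the report, next to two safe ways of creating a temporary file, as an added example that is not part of the original report or of GnoRPM's source. All file and function names are hypothetical, and everything runs inside a private mkdtemp() directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: fixed name; open() follows a pre-planted symlink. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: O_EXCL fails with EEXIST if anything, even a symlink, is there. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
static long size_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}
/* Runs inside a private mkdtemp() sandbox (constructed paths, not GnoRPM's).
   Returns a bitmask: 1 = predictable open truncated the symlink target,
   2 = exclusive open refused, 4 = mkstemp() made a fresh regular file. */
int run_demo(void) {
    char dir[] = "/tmp/symlink-demo.XXXXXX", target[64], fixed[64], rnd[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(fixed, sizeof fixed, "%s/predictable.tmp", dir);
    snprintf(rnd, sizeof rnd, "%s/demo.XXXXXX", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important\n", 10) != 10) return -1;
    close(fd);
    if (symlink(target, fixed) != 0) return -1;   /* the planted link */

    fd = open_exclusive(fixed);
    if (fd < 0 && errno == EEXIST && size_of(target) == 10) result |= 2;
    if (fd >= 0) close(fd);
    fd = mkstemp(rnd);                  /* random name, O_EXCL, mode 0600 */
    if (fd >= 0 && lstat(rnd, &st) == 0 && S_ISREG(st.st_mode)) result |= 4;
    if (fd >= 0) close(fd);
    fd = open_predictable(fixed);       /* follows the link, truncates target */
    if (fd >= 0 && size_of(target) == 0) result |= 1;
    if (fd >= 0) close(fd);
    unlink(rnd); unlink(fixed); unlink(target); rmdir(dir);
    return result;
}
int main(void) { printf("result mask: %d\n", run_demo()); return 0; }
```

A mask of 7 means the fixed-name open emptied the file behind the link, while the exclusive open and mkstemp() left it untouched.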