A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation by abrtd and post-create event execution, there is a window of several seconds during which any local user can call SetElement to write arbitrary text files into the root-owned dump directory. The access check (dd_accessible_by_uid) reads the uid element inside the dump directory, which matches the caller's uid because the crash was triggered by the caller's process. This allows an attacker to plant arbitrary files in the dump directory before event scripts process them, including setting the "component" element to bypass package validation (abrt-action-save-package-data), allowing crashes of unpackaged binaries to survive post-create processing.