Florian Weimer of the Red Hat Product Security Team found  that mom created PID files in /var/run as world-writable. This could allow a malicious local attacker to edit the PID file and on mom shutdown or restart, to kill some other process than the mom process, that they would not normally have access to terminate.
This is fixed upstream .
Created mom tracking bugs for this issue
Affects: epel-6 [bug 863489]
Fixed as of 0.3.0-1.