Harald Hoyer from Red Hat reported that /usr/lib/dracut/modules.d/99kdumpbase/module-setup.sh script uses insecure temporary files names, which can lead to a persistent local denial of service, or allow local users to escalate their privileges.
Created attachment 1014711 [details] proposed patch
Acknowledgements: This issue was discovered by Harald Hoyer of Red Hat.
Created kexec-tools tracking bugs for this issue: Affects: fedora-all [bug 1213342]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0986 https://rhn.redhat.com/errata/RHSA-2015-0986.html