apachetop 0.12.5 and previous versions, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
Eric Romang discovered an insecurely created temporary file in
apachetop, a realtime monitoring tool for the Apache webserver that
could be exploited with a symlink attack to overwrite arbitrary files
with the user id that runs apachetop
The old stable distribution (woody) is not affected by this problem
For the stable distribution (sarge) this p ...