xferfaxstats in HylaFax 4.2.1 and previous versions allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.
Javier Fernández-Sanguino Peña discovered that several scripts of the
hylafax suite, a flexible client/server fax software, create temporary
files and directories in an insecure fashion, leaving them vulnerable
to symlink exploits
For the old stable distribution (woody) this problem has been fixed in
version 411-32
For the stable distributio ...