qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.
Dmitry E Oboukhov discovered that the qemu-make-debian-root script in qemu,
fast processor emulator, creates temporary files insecurely, which may lead
to a local denial of service through symlink attacks
For the stable distribution (etch), this problem has been fixed in
version 082-4etch2
For the testing (lenny) and unstable distribution (sid ...