Red Hat Security Advisory RHSA-2004:093-01 - Alan Cox discovered a vulnerability in the systat package where the post and trigger scripts insecurely created temporary filenames, allowing for a symlink attack using /tmp.
7f35413d7406806fe9f4889a2af2a17ef8d1c07ba68514c7a19b918b236d1707