[ Thanks to Gael
Duval for this link. ]
OpenLDAP follows symbolic links when creating files. The default
location for these files is /usr/tmp, which is a symlink to /tmp,
which in turn is a world-writable directory. Local users can
destroy the contents of any file on any mounted filesystem. This
security issue affects Linux-Mandrake 7.0 only. Please upgrade
This bug doesn’t affect older versions of Linux-Mandrake.