[ Thanks to Gael
Duval for this link. ]
OpenLDAP follows symbolic links when creating files. The default
location for these files is /usr/tmp, which is a symlink to /tmp,
which in turn is a world-writable directory. Local users can
destroy the contents of any file on any mounted filesystem. This
security issue affects Linux-Mandrake 7.0 only. Please upgrade
to:
e15137088145d315952586f1ad6330ef
openldap-1.2.9-5mdk.i586.rpm
0807d4c34bf6cec47fede3cf7c2572c5
openldap-1.2.9-5mdk.src.rpm
This bug doesn’t affect older versions of Linux-Mandrake.