[This was originally published on the OSVDB blog.]
http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0060.html
While symlink vulnerabilities are not new, Steven Christey from CVE points out a recent trend in “second-order symlink” vulnerabilities. Based on the recent examples published, there is a strong chance many applications have been vulnerable to such attacks in the past.