Javier Fernández-Sanguino Peña reports:
The DBI library, the Perl5 database interface, creates a
temporary PID file in an insecure manner. This can be
exploited by a malicious user to overwrite arbitrary files
owned by the person executing the parts of the library.