FreeBSD : portupgrade -- insecure temporary file handling vulnerability (22f00553-a09d-11d9-a788-0001020eed82)
Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...