Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
marc.info/?l=mutt-dev&m=115999486426292&w=2
secunia.com/advisories/22613
secunia.com/advisories/22640
secunia.com/advisories/22685
secunia.com/advisories/22686
secunia.com/advisories/25529
www.mandriva.com/security/advisories?name=MDKSA-2006:190
www.redhat.com/support/errata/RHSA-2007-0386.html
www.securityfocus.com/bid/20733
www.trustix.org/errata/2006/0061/
www.ubuntu.com/usn/usn-373-1
www.vupen.com/english/advisories/2006/4176
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601