The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5
marc.info/?l=oss-security&m=126030454503441&w=2
secunia.com/advisories/37645
secunia.com/advisories/37860
secunia.com/advisories/62226
www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html
www.openwall.com/lists/oss-security/2009/12/08/4
www.osvdb.org/60853
www.securityfocus.com/bid/37256
www.ubuntu.com/usn/USN-2473-1
www.vupen.com/english/advisories/2009/3453
bugzilla.redhat.com/show_bug.cgi?id=545439
exchange.xforce.ibmcloud.com/vulnerabilities/54673
www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html