PatchLink Update client for Unix allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0525)