XFree86's setup tool 'xf86config' contains a race condition: it creates two temporary files (and later deletes them) without checking whether they already exist, so someone can symbolically link these names to other files and cause the program to overwrite them.
XFree86 3.3.2 contains a tool ('xf86config') that creates two temporary files, '/tmp/XF86Config.tmp' and '/tmp/dumbconfig.2', without checking whether they already exist, and deletes them before it terminates. A malicious user can therefore symbolically link these file names to any file on the system, making it possible to erase crucial files.
This is a problem because, even though xf86config is not set-uid on most systems (set-uid meaning marked to run as another user, usually root), a root user is likely to run the program to give himself access to XWindows. The program then runs with privileges higher than any normal user's, enabling a malicious user to overwrite crucial files.
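The missing existence check, shown next to a hardened open, as an added example that is not XFree86 code. The function names, the private scratch directory and the "victim" file are constructed for illustration; nothing outside that directory is touched.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: fixed name, no existence check, follows symlinks. */
static int open_unchecked(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name exists, symlinks included. */
static int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: "victim" stands in for a crucial file and
   "XF86Config.tmp" is a symlink to it that already exists.
   Returns the victim's size after the open attempt, or -1 on setup error. */
long victim_size_after(int hardened)
{
    char dir[] = "/tmp/xf86demo.XXXXXX";
    char victim[64], tmp[64];
    struct stat st;
    long size = -1;
    int fd;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/XF86Config.tmp", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "crucial", 7) == 7 && symlink(victim, tmp) == 0) {
        close(fd);
        fd = hardened ? open_exclusive(tmp) : open_unchecked(tmp);
        if (fd >= 0) close(fd);
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    } else if (fd >= 0) close(fd);
    unlink(tmp); unlink(victim); rmdir(dir);
    return size;
}

int main(void)
{
    printf("unchecked: %ld bytes, exclusive: %ld bytes\n", victim_size_after(0), victim_size_after(1));
    return 0;
}
```

With the unchecked open the linked file is truncated to 0 bytes; with the exclusive open the call fails and the file keeps its 7 bytes. `mkstemp()` gives the same exclusive creation together with an unpredictable file name.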