Debian Security Advisory DSA 1003-1 – Eric Romang discovered that xpvm, a graphical console and monitor for PVM, creates a temporary file that allows local attackers to create or overwrite arbitrary files with the privileges of the user running xpvm.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/44710/dsa-1003-1.txt
Source: https://packetstormsecurity.com/files/44710/Debian-Linux-Security-Advisory-1003-1.html