The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
https://exchange.xforce.ibmcloud.com/vulnerabilities/19317
http://www.securityfocus.com/bid/12540