If a malicious local user extracts a file using unzip 5.52 in a directory that they have write access to, a TOCTOU bug can be exploited to change the permission of any file belonging to that user.
55b2c4f64e7c54f23df8ac2775729729ccfb5e0dccfe171b11c2faff2adf5173
Pine mail's rpdump is vulnerable to a race condition allowing local users to overwrite files which are writable by anyone using Pine.
de5bb033829419007c7d3461177a2e00c37c9a5805fb998a8137ae3ed4e1617b
mkdir, mknod, mkfifo included in GNU Core Utilities 5.2.1 suffer from race conditions.
5d46c6e44436a1f3a69fe74eafdae7b644badbdee503c3f69bf1cabbc47c5aea
If a malicious local user has write access to a directory in which a target user is using gzip to extract or compress a file to then a TOCTOU bug can be exploited to change the permission of any file belonging to that user. Versions 1.2.4 and 1.3.3 of gzip are affected.
5854e58147b30441763747f7c80602edbb8467d416034d870faf6f5a84ee25a5
If a malicious local user has write access to a directory in which a target user is using bzip2 to extract or compress a file to then a TOCTOU bug can be exploited to change the permission of any file belonging to that user. Versions 1.0.2 and below are affected.
e96d285c58912244431cfbe1842d9191f1d0f9e8a20c752c7b40d01dd92a639e