Launchpad.net

CVE 2008-5152

inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.

See the CVE page on Mitre.org for more details.