04-20-2008, 12:12 PM
Ford, Andrew G
 
Aaaaaaaaaaaooooooogah - security alert

http://secunia.com/advisories/22223/

Description:
Larry Cashdollar has discovered a vulnerability in IBM Informix Dynamic
Server, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

The vulnerability is caused due to the temporary file
"/tmp/installserver.txt" being created insecurely during the install
process. This can be exploited via symlink attacks to append data to
arbitrary files with privileges of the user running the installation
script.

The vulnerability has been confirmed in version 10.UC3RC1 Trial for
Linux. Other versions may also be affected.

Solution:
Grant only trusted users access to affected systems.

Can this be solved by setting DBTEMP to a secure directory?

Andrew Ford

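The root cause named in the advisory is an append to a fixed, predictable file name in a world-writable directory. The sketch below is an added example, not part of the original post and not IBM's installer code: it shows the weak pattern as a comment, a hardened replacement that logs inside a private `mktemp -d` directory, and a pre-install audit of the fixed path. The function names `make_private_log` and `audit_fixed_path` are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the Informix installer.

# Weak pattern described in the advisory: ">>" on a fixed name in /tmp
# follows any symlink already sitting at that path.
#   echo "step done" >> /tmp/installserver.txt

# Hardened pattern: create a private directory with an unpredictable name
# (mktemp -d creates it atomically, mode 0700) and keep the log inside it.
# Runs in a subshell so umask and noclobber do not leak to the caller.
# Prints the log path on stdout.
make_private_log() (
    base=${1:-${TMPDIR:-/tmp}}
    umask 077
    dir=$(mktemp -d "$base/installserver.XXXXXXXXXX") || exit 1
    log=$dir/install.log
    # noclobber: ">" fails if the file already exists instead of reusing it
    set -C
    : > "$log" || exit 1
    printf '%s\n' "$log"
)

# Pre-install audit of a fixed log path: prints symlink, exists or absent.
# Reporting only. A check followed by a later open is racy, so this does
# not replace the private-directory pattern above.
audit_fixed_path() {
    if [ -L "$1" ]; then
        echo symlink
    elif [ -e "$1" ]; then
        echo exists
    else
        echo absent
    fi
}
```

A result of `symlink` or `exists` from `audit_fixed_path /tmp/installserver.txt` before an install is worth investigating, since the installer is expected to create that file itself.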