COMMAND

    AfterStep asfsm

SYSTEMS AFFECTED

    Systems running asfsm

PROBLEM

    Kristofer Coward found the following.  The disk usage monitor that
    comes with AfterStep (asfsm) overwrites /usr/tmp/statfs regularly
    as whoever launched it, allowing the typical symlink crap we've
    come to expect, including a possible DoS if run as root.  This was
    tested with 1.4.x (haven't checked 1.0, or 1.5pre).

SOLUTION

    Disable it.  Delete it.  Perhaps a newer version lacks this
    vulnerability.
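
    For anyone patching the tool instead, the overwrite pattern described
    under PROBLEM is shown below beside a hardened writer.  This is an added
    example in C, not asfsm's source; the function names and the scratch
    directory are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example; names are hypothetical and this is not asfsm's source. */
/* Pattern the advisory describes: fopen("w") follows a planted symlink. */
int write_stats_unsafe(const char *path, const char *data) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f);
}

/* Hardened: never follow a symlink, verify the opened file, then truncate. */
int write_stats_safe(const char *path, const char *data) {
    struct stat st;
    ssize_t len = (ssize_t)strlen(data);
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK, 0600);
    if (fd < 0) return -1;              /* symlink at path: ELOOP on Linux */
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1 &&
             st.st_uid == geteuid() && ftruncate(fd, 0) == 0 &&
             write(fd, data, (size_t)len) == len;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Constructed scenario in a private scratch directory: returns 1 if the file
   behind a planted symlink still holds its original content after `writer`. */
int target_survives(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/statfs-demo-XXXXXX", target[64], link_path[64], buf[16] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(link_path, sizeof link_path, "%s/statfs", dir);
    write_stats_unsafe(target, "precious");
    if (symlink(target, link_path) != 0) return -1;
    writer(link_path, "42% used\n");
    FILE *f = fopen(target, "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    unlink(link_path); unlink(target); rmdir(dir);
    return strcmp(buf, "precious") == 0;
}

int main(void) {
    printf("target intact? unsafe=%d safe=%d\n",
           target_survives(write_stats_unsafe), target_survives(write_stats_safe));
    return 0;
}
```

    The ownership and link-count checks run before ftruncate(), so a file
    that belongs to another user or has extra hard links is left untouched.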