I noticed InstallAnywhere creates the following files in /tmp: persistent_state env.properties.NNNNN Where NNNNN is the current process id or ($$) These files can be used to clobber system files if the installation software is run as root. A malicious attacker can create a symlink in /tmp to point to a critical system file. This system file will be over written with the contents of the temporary file. For example ''[nobody $] ln -s /etc/passwd /tmp/persistent_state'' Then if root runs software utilizing the InstallAnywhere software (in my case it was LimeWire) the contents of /etc/passwd will be overwritten with the contents of persistent_state. The env.properties.NNNNN file appears to be created during the execution of InstallerData/makeExecutable/laxunix.sh The persistent_state file might be created during the execution of ./InstallerData/com/zerog/registry/UUID.class A basic check with 'strings' leads me to believe this. Local attackers can exploit this vulnerability to clobber root owned system files, this could possibly lead to a denial of service or system compromise. If software utilizes InstallAnywhere v5.0.6 to perform system installation then you are vulnerable. I tested the enterprise edition that I downloaded from them for a free evaluation.