From LWN.net: "zen-parse reported  that the 'tcl' and 'expect' programs were
looking for dynamic libraries in unsafe directories.
"expect" searches for dynamic libraries under the world writable
/var/tmp directory. An attacker could place fake libraries in that
directory and thus have expect (and progams using it, as mkpasswd)
execute arbitrary code. A similar problem exists with 'tcl'. This
program searches for dynamic libraries in directories under the
current directory, which is also an unsafe behaviour.
Conectiva Linux 6.0 is vulnerable to both problems, while the 7.0
version is only affected by the last one."
July 19, 2001