The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.
CVE-2002-0760Archive extractor decompresses files with world-readable permissions, then later sets permissions to what the archive specified.
CVE-2005-2174Product inserts a new object into database before setting the object's permissions, introducing a race condition.
CVE-2006-5214Error file has weak permissions before a chmod is performed.
CVE-2005-2475Archive permissions issue using hard link.
CVE-2003-0265Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.