Backup Manager contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the program running suid and creating temporary files with a predictable name and location, specifically /tmp/bm-cdrecord.log. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
Upgrade to version 0.5.8b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.