FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

shtool -- insecure temporary file creation

Affected packages
shtool <= 2.0.1

Details

VuXML ID 6596bb80-d026-11d9-9aed-000e0c2e438a
Discovery 2005-05-25
Entry 2005-07-09

A Zataz advisory reports that shtool contains a security flaw which could allow a malicious local user to create or overwrite the contents of arbitrary files. The attacker could fool a user into executing the arbitrary file possibly executing arbitrary code.

References

Bugtraq ID 13767
URL http://www.zataz.net/adviso/shtool-05252005.txt