Bug 158997

Summary: CAN-2005-1751 shtool insecure temporary file creation
Product: Red Hat Enterprise Linux 4 Reporter: Josh Bressers <bressers>
Component: phpAssignee: Joe Orton <jorton>
Status: CLOSED DUPLICATE QA Contact: David Lawrence <dkl>
Severity: low Docs Contact:
Priority: medium    
Version: 4.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20050524,source=vendor-sec,reported=20050526
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-05-27 11:48:25 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Josh Bressers 2005-05-27 11:27:23 EDT
Race condition in shtool 2.0.1 and earlier allows local users to
create or modify arbitrary files via a symlink attack on the
.shtool.$$ temporary file.
http://www.zataz.net/adviso/shtool-05252005.txt

php contains shtool in its source.
Comment 1 Josh Bressers 2005-05-27 11:27:49 EDT
This issue should also affect RHEL2.1 and RHEL3
Comment 2 Joe Orton 2005-05-27 11:48:25 EDT

*** This bug has been marked as a duplicate of 159000 ***