Red Hat Bugzilla – Bug 158996
CAN-2005-1751 shtool insecure temporary file creation
Last modified: 2007-11-30 17:11:06 EST
+++ This bug was initially created as a clone of Bug #158995 +++
Race condition in shtool 2.0.1 and earlier allows local users to
create or modify arbitrary files via a symlink attack on the
.shtool.$$ temporary file.
nmap contains shtool in its source.
This issue should also affect FC4
I'll release nmap-4.03-0.fc4 and nmap-4.03-0.fc5 with a fix quite soon. As we
don't support FC-3 anymore and this is only a problem during build (which you
aren't supposed to do as root) and this is a codepath which isn't used at all
during our builds, I think this can be closed for good.
Please reopen if you disagree and FC-Legacy needs to push an update, too.