Red Hat Bugzilla – Bug 159003
CAN-2005-1751 shtool insecure temporary file creation
Last modified: 2007-11-30 17:11:06 EST
Race condition in shtool 2.0.1 and earlier allows local users to
create or modify arbitrary files via a symlink attack on the
.shtool.$$ temporary file.
ncpfs contains shtool in its source.
This issue should also affect FC4
Ncpfs contains shtool in its source but it is not original shtool. It is only
small part of it. The part of code which create temporary file is in if sequence
and its condition can never be true.
if [ ".$gen_tmpfile" = .yes ]; then
rm -f $tmpfile >/dev/null 2>&1