Red Hat Bugzilla – Bug 199432
nant: arbitrary command execution due to buildroot remainders
Last modified: 2007-11-30 17:11:38 EST
See bug 193957 comment 17 (and a potential fix in comment 16 there):
/usr/bin/nant from nant-0.85-5.fc6 tries to execute NAnt.exe from a path
containing the build root, ie. /var/tmp/... which is world writable, resulting
in arbitrary command execution vulnerability.
This has been fixed in 0.85-6