Description of problem: lha doesn't open temporary files exclusively, which makes it possible for an attacker to conduct a time-dependent attack by creating the file in advance. Version-Release number of selected component (if applicable): Affects: RHEL2.1 Affects: RHEL3 Affects: RHEL4 Affects: FC5 How reproducible: Time-dependent race. Additional info: The patch also incorporates some trailing-NUL things from SUSE's security review patch. I do not know why weren't they unlike some other fixes from that patch integrated in our packages. It might be possible that they are not needed. The patch is basically a polished diff between SUSE and FC-5 lha.
Created attachment 152702 [details] Patch for lha /tmp race & others, applies to FC5
Reporter changed to security-response-team by request of Jay Turner.
Statement: Red Hat no longer plans to fix this issue in Red Hat Enterprise Linux 4.