Red Hat Bugzilla – Bug 409871
CVE-2007-6209 zsh insecure /tmp file usage
Last modified: 2016-03-04 05:44:34 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6209 to the following vulnerability:
difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Not vulnerable. These issues did not affect the versions of the zsh package as
shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
It's worth noting that even the 4.3.4 version of zsh we ship in Fedora is also
not vulnerable, as we don't ship that perl script (looks like an addon).