GNU SHTool Insecure Temporary File Deletion Vulnerability
GNU shTool is prone to an insecure temporary file deletion vulnerability.
This issue is due to a design error that causes a file to be insecurely deleted and subsequently and linked file deleted.
An attacker may leverage this issue to delete arbitrary files with the privileges of an unsuspecting user that activates the affected application.
Update (2005/06/11): ocaml-mysql, a package for the Object Camel language that provides access to MySQL, contains shtool code and is vulnerable.
Update (2005/07/14): PHP prior to version 4.4.0 contains shtool code and is vulnerable.