GNU SHTool Insecure Temporary File Deletion Vulnerability

GNU shtool is prone to an insecure temporary file deletion vulnerability.

This issue is due to a design error that causes a file to be deleted insecurely and, subsequently, any linked file to be deleted as well.

An attacker may leverage this issue to delete arbitrary files with the privileges of an unsuspecting user that activates the affected application.

Update (2005/06/11): ocaml-mysql, a package for the Objective Caml language that provides access to MySQL, contains shtool code and is vulnerable.

Update (2005/07/14): PHP prior to version 4.4.0 contains shtool code and is vulnerable.


