Full Disclosure mailing list archives
Re: [USN-104-1] unshar vulnerability
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 04 Apr 2005 14:33:15 +0200
* Martin Pitt:
> Joey Hess discovered that "unshar" created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Keep in mind that by design, unshar just pipes its input file to /bin/sh. Technically, the temporary file issue discovered by Joey is still a vulnerability (as the attack vector is different), but it's very desirable to phase out any remaining use of unshar (and shell archives in general).
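The temporary-file bug class named in the quoted advisory, shown from the defensive side as an added example; it is not part of the original message and not unshar's code. The paths, the `unsh.12345` name and both function names are constructed for illustration. It checks that an exclusive create refuses a name where a symlink already exists, and that `mkstemp()` yields a fresh file instead.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkdtemp, mkstemp, symlink, lstat */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened open for a caller-chosen name: with O_CREAT|O_EXCL, open() fails
 * with EEXIST if anything, even a symlink, already exists at path. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: a symlink already sits at a predictable temp name
 * and points at a file of the invoking user. Returns 0 when the hardened
 * open refuses the name, the target is unchanged, and mkstemp() still
 * yields a fresh regular file; 1 on a wrong outcome, -1 on setup failure. */
int demo_symlink_refused(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX";          /* constructed paths */
    char target[64], predictable[64], fresh[64];
    struct stat st;
    int fd, rc = 1;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(predictable, sizeof predictable, "%s/unsh.12345", dir);
    snprintf(fresh, sizeof fresh, "%s/unsh.XXXXXX", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(target, predictable) != 0) return -1;

    fd = open_tmp_excl(predictable);             /* name is taken: refuse */
    if (fd < 0 && errno == EEXIST && stat(target, &st) == 0 && st.st_size == 4)
        rc = 0;
    if (fd >= 0) close(fd);

    fd = mkstemp(fresh);       /* unpredictable name, O_CREAT|O_EXCL inside */
    if (fd < 0 || lstat(fresh, &st) != 0 || !S_ISREG(st.st_mode)) rc = 1;
    if (fd >= 0) close(fd);

    unlink(fresh); unlink(predictable); unlink(target); rmdir(dir);
    return rc;
}

int main(void) { return demo_symlink_refused(); }
```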