Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Gentoo: GLSA 200504-06 Normal: Unshar Symlink Exploit Risk

gentoo
Calendar Grey April 6, 2005
Scroller Gentoo
The Gentoo Linux Security Advisory GLSA 200504-06 addresses serious vulnerabilities in the unshar utility's symlink handling, risking file overwriting and system integrity.
The unshar utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

Summary

Gentoo Linux Security Advisory GLSA 200504-06 https://security.gentoo.org/ Severity: Normal Title: sharutils: Insecure temporary file creation Date: April 06, 2005 Bugs: #87939 ID: 200504-06

Synopsis ======= The unshar utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
Background ========= sharutils is a collection of tools to deal with shar archives.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-arch/sharutils < 4.2.1-r11 >= 4.2.1-r11
========== Joey Hess has discovered that the program unshar, which is a part of sharutils, creates temporary files in a world-writable directory with predictable na...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround