CVE-2005-1751 shtool Symlink Arbitrary File Manipulation

Timeline:

Vulnerability discovered by Eric Romang on 2005-05-25
Vendor notified on 2005-05-25
Vulnerability disclosed on 2005-05-25

Reference(s):

CVE-2005-1751
OSVDB-16848
GLSA 200506-08

Affected version(s):

shtool 2.0.1 and earlier

Description:

shtool contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the script creating temporary files insecurely. A local user can use a symlink-style attack to manipulate arbitrary files, resulting in a loss of integrity.
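
The description above names the general bug class: a temporary file created insecurely, so that a symlink at its path redirects the write. As an added example (not shtool's own code and not part of the original advisory), the script below contrasts a guessable temporary path with `mktemp` and a noclobber redirect; the `example.tmp` name, the `target.txt` file and all function names are constructed for the demo, which runs entirely inside a private scratch directory.

```shell
#!/bin/sh
# Added example, not shtool code. All names and paths are constructed.

# Insecure pattern: guessable name, plain redirect. If the path already
# exists as a symlink, the write follows it and lands on the link target.
write_insecure() {
    tmp="$1/example.tmp"
    echo "scratch data" > "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively with owner-only permissions, so a pre-planted link is not used.
write_secure() {
    tmp=$(mktemp "$1/example.XXXXXX") || return 1
    echo "scratch data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Fallback when a fixed name is unavoidable: with noclobber (set -C) the
# redirect fails if the path already exists, including via a symlink.
write_noclobber() {
    tmp="$1/example.tmp"
    ( set -C; echo "scratch data" > "$tmp" ) 2>/dev/null
}

# Self-check: place a link at the guessable name, then report whether the
# file behind the link was modified by each writer.
demo() {
    work=$(mktemp -d) || return 1
    echo "original" > "$work/target.txt"
    ln -s "$work/target.txt" "$work/example.tmp"
    write_insecure "$work"
    r1=$(cat "$work/target.txt")
    echo "original" > "$work/target.txt"      # reset before the hardened runs
    write_secure "$work" >/dev/null
    if write_noclobber "$work"; then refused=no; else refused=yes; fi
    r2=$(cat "$work/target.txt")
    rm -rf "$work"
    echo "insecure=$r1 hardened=$r2 noclobber_refused=$refused"
}
demo
```

When auditing a shell script for this class of flaw, look for redirects into shared directories such as `/tmp` whose file name is fixed or derived only from `$$`.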