Vulnerability discovered by Eric Romang the 2005-05-25
Vendor notified the 2005-05-25
Vulnerability disclosure the 2005-05-25
Affected version(s) :
shtool before or equal to 2.0.1
shtool contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.