FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sharutils -- unshar insecure temporary file creation

Affected packages
sharutils < 4.3.80

Details

VuXML ID 5f003a08-ba3c-11d9-837d-000e0c2e438a
Discovery 2005-04-04
Entry 2005-05-01

An Ubuntu Advisory reports:

Joey Hess discovered that "unshar" created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

References

Bugtraq ID 12981
CVE Name CVE-2005-0990
URL http://www.ubuntulinux.org/support/documentation/usn/usn-104-1