sharutils -- unshar insecure temporary file creation

ID 5F003A08-BA3C-11D9-837D-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2005-04-04T00:00:00


An Ubuntu Advisory reports:

Joey Hess discovered that "unshar" created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.