CVE-2002-0211

Description

Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

Affected products

• tarantella / tarantella_enterprise3.3.0 – 3.3.0
• tarantella / tarantella_enterprise3.3.0.1 – 3.3.0.1
• tarantella / tarantella_enterprise3.3.10 – 3.3.10
• tarantella / tarantella_enterprise3.3.11 – 3.3.11
• tarantella / tarantella_enterprise3.3.20 – 3.3.20

References

• MISChttp://www.securityfocus.com/bid/3966
• MAILING_LISThttp://marc.info/?l=bugtraq&m=101208650722179&w=2
• MISChttp://online.securityfocus.com/archive/1/265845
• MISChttp://www.tarantella.com/security/bulletin-04.html
• MISChttp://www.iss.net/security_center/static/7996.php