Race condition vulnerability in Tarantella Enterprise 3 installation script allows for arbitrary command execution

Race condition vulnerability in Tarantella Enterprise 3 installation script allows for arbitrary command execution

CVE-2002-0211 · MEDIUM Severity

AV:L/AC:H/AU:N/C:C/I:C/A:C

Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

Learn more about our User Device Pen Test.