PT-2002-1282 · Oracle · Tarantella Enterprise 3

Published 2002-05-16 · Updated 2024-02-14 · CVE-2002-0211

CVSS v2.0: 6.2 Medium

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tarantella Enterprise 3 versions 3.01 through 3.20

Description

A race condition exists in the installation script, which creates a world-writeable temporary "gunzip" program before executing it. This could allow local users to execute arbitrary commands by modifying the program before it is executed.

Recommendations

For Tarantella Enterprise 3 versions 3.01 through 3.20, consider restricting access to the temporary directory where the "gunzip" program is created to prevent unauthorized modifications. As a temporary workaround, consider disabling the execution of the installation script until a patch is available.
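
The safe counterpart of the pattern described above, as an added example that is not Tarantella's installer code: a helper is staged into a private directory under a restrictive umask and is checked for ownership and write permissions before it is run. The function names `stage_helper` and `is_safe_to_exec` and the `inst.XXXXXX` template are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not the vendor's installer): stage a bundled helper privately
# and refuse to run one that another local user could have modified.

# stage_helper SRC NAME
# Copies SRC into a fresh directory that only the caller can enter and
# prints the path of the staged copy. Names here are hypothetical.
stage_helper() {
    sh_src=$1
    sh_name=$2
    sh_old_umask=$(umask)
    umask 077    # files created below are never group/world accessible
    sh_dir=$(mktemp -d "${TMPDIR:-/tmp}/inst.XXXXXX") || {
        umask "$sh_old_umask"; return 1
    }
    cp "$sh_src" "$sh_dir/$sh_name" && chmod 700 "$sh_dir/$sh_name" || {
        rm -rf "$sh_dir"; umask "$sh_old_umask"; return 1
    }
    umask "$sh_old_umask"
    printf '%s\n' "$sh_dir/$sh_name"
}

# is_safe_to_exec PATH
# Succeeds only if PATH is a regular file (not a symlink) and both the file
# and its directory are owned by the caller and not writable by group or
# others. A world-writeable helper, as in the advisory, fails this check.
is_safe_to_exec() {
    se_file=$1
    [ -f "$se_file" ] && [ ! -L "$se_file" ] || return 1
    se_dir=$(dirname "$se_file")
    # -prune stops find from descending into the directory; any line of
    # output means the file or directory failed an ownership or mode test.
    se_bad=$(find "$se_file" "$se_dir" -prune \
        \( ! -user "$(id -u)" -o -perm -020 -o -perm -002 \) -print)
    [ -z "$se_bad" ]
}
```

An installer would call `is_safe_to_exec` on the staged path immediately before executing it and abort on failure.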

Related Identifiers

CVE-2002-0211

Affected Products

Tarantella Enterprise 3