VULHUB ™

Tarantella Enterprise 3 is vulnerable to a race condition during the installation process. During installation, a root owned binary is created in /tmp (the directory specified by the $TMPDIR environment variable) with the name gunzip#### where #### is a PID. Prior to it being invoked by the installation program it can be overwritten by a local user. This is then run by the installation program with root privileges. An attacker can only gain privileges in this manner if a privileged user is installing the software.

Tarantella Enterprise 3 is vulnerable to a race condition during the installation process. During installation, a root owned binary is created in /tmp (the directory specified by the $TMPDIR environment variable) with the name gunzip#### where #### is a PID. Prior to it being invoked by the installation program it can be overwritten by a local user. This is then run by the installation program with root privileges. An attacker can only gain privileges in this manner if a privileged user is installing the software.