VULHUB ™

A vulnerability exists in tmpwatch, a utility which automates the removal of temporary files in unix-like systems. An optional component of tmpwatch, fuser, improperly handles arguments to system() library calls. If an attacker creates a file with a maliciously-constructed filename including shell meta characters, and -fuser is run on this file, the attacker may be able to execute arbitrary commands, potentially compromising superuser access if tmpwatch is run with root privileges.

A vulnerability exists in tmpwatch, a utility which automates the removal of temporary files in unix-like systems. An optional component of tmpwatch, fuser, improperly handles arguments to system() library calls. If an attacker creates a file with a maliciously-constructed filename including shell meta characters, and -fuser is run on this file, the attacker may be able to execute arbitrary commands, potentially compromising superuser access if tmpwatch is run with root privileges.