Author: JT Smith
“A vulnerability exists in the bourne again shell that could allow arbitrary writing to files. The problem exists in the insecure creation of files in the /tmp directory. When using redirection, files are created in the /tmp directory without first checking for existance of the file. This could result in a symbolic link attack that could be used to corrupt any file that the owner of the redirecting shell has access to write to. This vulnerability affects those systems using Bourne Again Shell Version 1.” Full details and patches on SecurityFocus.com.