ID CVE-2004-1772
Summary Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
References
Vulnerable Configurations
  • GNU Sharutils 4.2
    cpe:2.3:a:gnu:sharutils:4.2
  • GNU Sharutils 4.2.1
    cpe:2.3:a:gnu:sharutils:4.2.1
CVSS
Base: 4.6 (as of 30-05-2005 - 21:06)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-377.NASL
    description An updated sharutils package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. A stack based overflow bug was found in the way shar handles the -o option. If a user can be tricked into running a specially crafted command, it could lead to arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1772 to this issue. Please note that this issue does not affect Red Hat Enterprise Linux 4. Two buffer overflow bugs were found in sharutils. If an attacker can place a malicious 'wc' command on a victim's machine, or trick a victim into running a specially crafted command, it could lead to arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1773 to this issue. A bug was found in the way unshar creates temporary files. A local user could use symlinks to overwrite arbitrary files the victim running unshar has write access to. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0990 to this issue. All users of sharutils should upgrade to this updated package, which includes backported fixes to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18147
    published 2005-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18147
    title RHEL 2.1 / 3 / 4 : sharutils (RHSA-2005:377)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-067.NASL
    description Shaun Colley discovered a buffer overflow in shar that was triggered by output files (using -o) with names longer than 49 characters which could be exploited to run arbitrary attacker-specified code. Ulf Harnhammar discovered that shar does not check the data length returned by the wc command. Joey Hess discovered that unshar would create temporary files in an insecure manner which could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user using unshar. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18002
    published 2005-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18002
    title Mandrake Linux Security Advisory : sharutils (MDKSA-2005:067)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-377.NASL
    description An updated sharutils package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. A stack based overflow bug was found in the way shar handles the -o option. If a user can be tricked into running a specially crafted command, it could lead to arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1772 to this issue. Please note that this issue does not affect Red Hat Enterprise Linux 4. Two buffer overflow bugs were found in sharutils. If an attacker can place a malicious 'wc' command on a victim's machine, or trick a victim into running a specially crafted command, it could lead to arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1773 to this issue. A bug was found in the way unshar creates temporary files. A local user could use symlinks to overwrite arbitrary files the victim running unshar has write access to. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0990 to this issue. All users of sharutils should upgrade to this updated package, which includes backported fixes to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21814
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21814
    title CentOS 3 / 4 : sharutils (CESA-2005:377)
oval via4
accepted 2013-04-29T04:15:31.675-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
family unix
id oval:org.mitre.oval:def:11722
status accepted
submitted 2010-07-09T03:56:16-04:00
title Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
version 22
redhat via4
advisories
rhsa
id RHSA-2005:377
refmap via4
bid 10066
bugtraq 20040406 GNU Sharutils buffer overflow vulnerability.
fedora FLSA:2155
openpkg OpenPKG-SA-2004.011
xf sharutils-shar-bo(15759)
Last major update 17-10-2016 - 23:00
Published 31-12-2004 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top