- Home
- CVEs with nessus.description==An updated sharutils package is now available.
This update has been rated as having low security impact by the Red Hat Security Response Team.
The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format.
A stack based overflow bug was found in the way shar handles the -o option. If a user can be tricked into running a specially crafted command, it could lead to arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1772 to this issue. Please note that this issue does not affect Red Hat Enterprise Linux 4.
Two buffer overflow bugs were found in sharutils. If an attacker can place a malicious 'wc' command on a victim's machine, or trick a victim into running a specially crafted command, it could lead to arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1773 to this issue.
A bug was found in the way unshar creates temporary files. A local user could use symlinks to overwrite arbitrary files the victim running unshar has write access to. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0990 to this issue.
All users of sharutils should upgrade to this updated package, which includes backported fixes to correct these issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top