Vulnerabilites related to gnu - sharutils
CVE-2005-0990 (GCVE-0-2005-0990)
Vulnerability from cvelistv5
Published
2005-04-06 04:00
Modified
2024-08-07 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613 | vdb-entry, signature, x_refsource_OVAL | |
| https://bugzilla.ubuntu.com/show_bug.cgi?id=8459 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19957 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/12981 | vdb-entry, x_refsource_BID | |
| https://usn.ubuntu.com/104-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412 | x_refsource_MISC | |
| http://www.redhat.com/support/errata/RHSA-2005-377.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9613",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"name": "sharutils-temp-file-symlink(19957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"name": "12981",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12981"
},
{
"name": "USN-104-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/104-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9613",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"name": "sharutils-temp-file-symlink(19957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"name": "12981",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12981"
},
{
"name": "USN-104-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/104-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9613",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"name": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459",
"refsource": "MISC",
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"name": "sharutils-temp-file-symlink(19957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"name": "12981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12981"
},
{
"name": "USN-104-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/104-1/"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"name": "RHSA-2005:377",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0990",
"datePublished": "2005-04-06T04:00:00",
"dateReserved": "2005-04-06T00:00:00",
"dateUpdated": "2024-08-07T21:35:59.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0178 (GCVE-0-2002-0178)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.securityfocus.com/bid/4742 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=103599320902432&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.redhat.com/support/errata/RHSA-2003-180.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.kb.cert.org/vuls/id/336083 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.osvdb.org/8274 | vdb-entry, x_refsource_OSVDB | |
| http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en | x_refsource_MISC | |
| http://www.redhat.com/support/errata/RHSA-2002-065.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.iss.net/security_center/static/9075.php | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/advisories/4132 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:27.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CSSA-2002-040.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"name": "4742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4742"
},
{
"name": "20021030 GLSA: sharutils",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"name": "MDKSA-2002:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"name": "RHSA-2003:180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"name": "VU#336083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"name": "8274",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8274"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"name": "RHSA-2002:065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"name": "sharutils-uudecode-symlink(9075)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"name": "HPSBTL0205-040",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/4132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CSSA-2002-040.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"name": "4742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4742"
},
{
"name": "20021030 GLSA: sharutils",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"name": "MDKSA-2002:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"name": "RHSA-2003:180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"name": "VU#336083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"name": "8274",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8274"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"name": "RHSA-2002:065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"name": "sharutils-uudecode-symlink(9075)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"name": "HPSBTL0205-040",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/4132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-2002-040.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"name": "4742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4742"
},
{
"name": "20021030 GLSA: sharutils",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"name": "MDKSA-2002:052",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"name": "RHSA-2003:180",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"name": "VU#336083",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"name": "8274",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8274"
},
{
"name": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en",
"refsource": "MISC",
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"name": "RHSA-2002:065",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"name": "sharutils-uudecode-symlink(9075)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"name": "HPSBTL0205-040",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/4132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0178",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-04-17T00:00:00",
"dateUpdated": "2024-08-08T02:42:27.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000097 (GCVE-0-2018-1000097)
Vulnerability from cvelistv5
Published
2018-03-13 01:00
Modified
2024-08-05 12:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3605-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://www.debian.org/security/2018/dsa-4167 | vendor-advisory, x_refsource_DEBIAN | |
| http://seclists.org/bugtraq/2018/Feb/54 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3605-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"name": "DSA-4167",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4167"
},
{
"name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2018/Feb/54"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-02-21T00:00:00",
"datePublic": "2018-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-06T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3605-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"name": "DSA-4167",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4167"
},
{
"name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2018/Feb/54"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2/21/2018 8:54:32",
"ID": "CVE-2018-1000097",
"REQUESTER": "nafiez.skins@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3605-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"name": "DSA-4167",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4167"
},
{
"name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2018/Feb/54"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000097",
"datePublished": "2018-03-13T01:00:00",
"dateReserved": "2018-03-12T00:00:00",
"dateUpdated": "2024-08-05T12:33:49.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1773 (GCVE-0-2004-1773)
Vulnerability from cvelistv5
Published
2005-03-28 05:00
Modified
2024-08-08 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.fedora.us/show_bug.cgi?id=2155 | vendor-advisory, x_refsource_FEDORA | |
| http://security.gentoo.org/glsa/glsa-200410-01.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/11298 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.redhat.com/support/errata/RHSA-2005-377.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "GLSA-200410-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"name": "11298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11298"
},
{
"name": "oval:org.mitre.oval:def:11093",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "GLSA-200410-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"name": "11298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11298"
},
{
"name": "oval:org.mitre.oval:def:11093",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FLSA:2155",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "GLSA-200410-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"name": "11298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11298"
},
{
"name": "oval:org.mitre.oval:def:11093",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
},
{
"name": "RHSA-2005:377",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1773",
"datePublished": "2005-03-28T05:00:00",
"dateReserved": "2005-03-29T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1772 (GCVE-0-2004-1772)
Vulnerability from cvelistv5
Published
2005-03-28 05:00
Modified
2024-08-08 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108137386310299&w=2 | vendor-advisory, x_refsource_OPENPKG | |
| https://bugzilla.fedora.us/show_bug.cgi?id=2155 | vendor-advisory, x_refsource_FEDORA | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/10066 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15759 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/359639 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2005-377.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenPKG-SA-2004.011",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "oval:org.mitre.oval:def:11722",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
},
{
"name": "10066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10066"
},
{
"name": "sharutils-shar-bo(15759)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"name": "20040406 GNU Sharutils buffer overflow vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "OpenPKG-SA-2004.011",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "oval:org.mitre.oval:def:11722",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
},
{
"name": "10066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10066"
},
{
"name": "sharutils-shar-bo(15759)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"name": "20040406 GNU Sharutils buffer overflow vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "OpenPKG-SA-2004.011",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"name": "FLSA:2155",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "oval:org.mitre.oval:def:11722",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
},
{
"name": "10066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10066"
},
{
"name": "sharutils-shar-bo(15759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"name": "20040406 GNU Sharutils buffer overflow vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"name": "RHSA-2005:377",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1772",
"datePublished": "2005-03-28T05:00:00",
"dateReserved": "2005-03-29T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:sharutils:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAD86FF-979F-4203-93A7-DE7ADDBC7764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
}
],
"id": "CVE-2005-0990",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12981"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/104-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/104-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:sharutils:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48361665-C825-4AD9-9347-CF6D1E4C9515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:sharutils:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAD86FF-979F-4203-93A7-DE7ADDBC7764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
}
],
"id": "CVE-2004-1773",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11298"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-05-29 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:sharutils:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48361665-C825-4AD9-9347-CF6D1E4C9515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
},
{
"lang": "es",
"value": "uudecode, como aparece en el paquete sharutils anteriores a 4.2.1, no comprueba si el nombre del fichero o el fichero uu-codificado es una tuber\u00eda o un enlace simb\u00f3lico, lo que podr\u00eda permitir a atacantes sobreescribir ficheros o ejecutar comandos."
}
],
"id": "CVE-2002-0178",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-05-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/advisories/4132"
},
{
"source": "cve@mitre.org",
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/8274"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/advisories/4132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/8274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4742"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:sharutils:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48361665-C825-4AD9-9347-CF6D1E4C9515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:sharutils:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAD86FF-979F-4203-93A7-DE7ADDBC7764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
}
],
"id": "CVE-2004-1772",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10066"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-13 01:29
Modified
2024-11-21 03:39
Severity ?
Summary
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/bugtraq/2018/Feb/54 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3605-1/ | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4167 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2018/Feb/54 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3605-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4167 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| gnu | sharutils | 4.15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:sharutils:4.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E23AD77-90CA-4EEB-BD10-0B1ABA870226",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
},
{
"lang": "es",
"value": "Sharutils sharutils (comando unshar) 4.15.2 contiene una vulnerabilidad de desbordamiento de b\u00fafer. El componente afectado est\u00e1 en el archivo unshar.c en la l\u00ednea 75, en la funci\u00f3n looks_like_c_code. El error a la hora de realizar la comprobaci\u00f3n del b\u00fafer que contiene la l\u00ednea de entrada podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable si la v\u00edctima ejecuta el comando unshar en un archivo especialmente manipulado."
}
],
"id": "CVE-2018-1000097",
"lastModified": "2024-11-21T03:39:38.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-13T01:29:00.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2018/Feb/54"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2018/Feb/54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4167"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}