Vulnerabilities > CVE-2002-0178 - Symbolic Link Attack vulnerability in GNU Sharutils 4.2
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-052.NASL description The uudecode utility creates output files without checking to see if it is about to write to a symlink or pipe. This could be exploited by a local attacker to overwrite files or lead to privilege escalation if users decode data into share directories, such as /tmp. This update fixes this vulnerability by checking to see if the destination output file is a symlink or pipe. last seen 2020-06-01 modified 2020-06-02 plugin id 13955 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13955 title Mandrake Linux Security Advisory : sharutils (MDKSA-2002:052) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-180.NASL description Updated packages for sharutils which fix potential privilege escalation using the uudecode utility are available. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. The uudecode utility creates an output file without checking to see if it was about to write to a symlink or a pipe. If a user uses uudecode to extract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files or lead to privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0178 to this issue. Users are advised to upgrade to these errata sharutils packages which contain a version of uudecode that has been patched to check for an existing pipe or symlink output file. last seen 2020-06-01 modified 2020-06-02 plugin id 12398 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12398 title RHEL 2.1 : sharutils (RHSA-2003:180)
Redhat
| advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt
- http://marc.info/?l=bugtraq&m=103599320902432&w=2
- http://online.securityfocus.com/advisories/4132
- http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
- http://www.iss.net/security_center/static/9075.php
- http://www.kb.cert.org/vuls/id/336083
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php
- http://www.osvdb.org/8274
- http://www.redhat.com/support/errata/RHSA-2002-065.html
- http://www.redhat.com/support/errata/RHSA-2003-180.html
- http://www.securityfocus.com/bid/4742