CVE-2002-0178 | Vulnerability Database | Aqua Security

uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.

Affected Software

Name	Vendor	Start Version	End Version
Sharutils	Gnu	4.2 (including)	4.2 (including)
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Linux 6.2	RedHat		*
Red Hat Linux 7.0	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.2	RedHat		*

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt
http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2
http://online.securityfocus.com/advisories/4132
http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en
http://www.iss.net/security_center/static/9075.php
http://www.kb.cert.org/vuls/id/336083
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php
http://www.osvdb.org/8274
http://www.redhat.com/support/errata/RHSA-2002-065.html
http://www.redhat.com/support/errata/RHSA-2003-180.html
http://www.securityfocus.com/bid/4742
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt
http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2
http://online.securityfocus.com/advisories/4132
http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en
http://www.iss.net/security_center/static/9075.php
http://www.kb.cert.org/vuls/id/336083
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php
http://www.osvdb.org/8274
http://www.redhat.com/support/errata/RHSA-2002-065.html
http://www.redhat.com/support/errata/RHSA-2003-180.html
http://www.securityfocus.com/bid/4742

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0178
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html