Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sharutils | Gnu | 4.2 (including) | 4.2 (including) |
| Sharutils | Gnu | 4.2.1 (including) | 4.2.1 (including) |
| Red Hat Enterprise Linux 3 | RedHat | sharutils-0:4.2.1-16.2 | * |
| Red Hat Enterprise Linux 4 | RedHat | sharutils-0:4.2.1-22.2 | * |
| Sharutils | Ubuntu | dapper | * |
| Sharutils | Ubuntu | devel | * |
| Sharutils | Ubuntu | edgy | * |
| Sharutils | Ubuntu | feisty | * |
References
- http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2
- http://www.redhat.com/support/errata/RHSA-2005-377.html
- http://www.securityfocus.com/archive/1/359639
- http://www.securityfocus.com/bid/10066
- https://bugzilla.fedora.us/show_bug.cgi?id=2155
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15759
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722
- http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2
- http://www.redhat.com/support/errata/RHSA-2005-377.html
- http://www.securityfocus.com/archive/1/359639
- http://www.securityfocus.com/bid/10066
- https://bugzilla.fedora.us/show_bug.cgi?id=2155
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15759
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722