Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sharutils | Gnu | 4.2 (including) | 4.2 (including) |
| Sharutils | Gnu | 4.2.1 (including) | 4.2.1 (including) |
| Red Hat Enterprise Linux 3 | RedHat | sharutils-0:4.2.1-16.2 | * |
| Red Hat Enterprise Linux 4 | RedHat | sharutils-0:4.2.1-22.2 | * |
| Sharutils | Ubuntu | dapper | * |
| Sharutils | Ubuntu | devel | * |
| Sharutils | Ubuntu | edgy | * |
| Sharutils | Ubuntu | feisty | * |
References
- http://security.gentoo.org/glsa/glsa-200410-01.xml
- http://www.redhat.com/support/errata/RHSA-2005-377.html
- http://www.securityfocus.com/bid/11298
- https://bugzilla.fedora.us/show_bug.cgi?id=2155
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093
- http://security.gentoo.org/glsa/glsa-200410-01.xml
- http://www.redhat.com/support/errata/RHSA-2005-377.html
- http://www.securityfocus.com/bid/11298
- https://bugzilla.fedora.us/show_bug.cgi?id=2155
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093