GNU sharutils shar -o Option Local Overflow

2004-04-06T00:00:00
ID OSVDB:10231
Type osvdb
Reporter Shaun Colley (shaunige@yahoo.co.uk)
Modified 2004-04-06T00:00:00

Description

Vulnerability Description

A local buffer overflow exists in GNU sharutils. The shar command does not correctly limit the size of the value passed with the -o option, resulting in a buffer overflow. With a specially crafted -o value, an attacker can cause a denial of service and possibly execute code, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds to correct this issue. However, Shaun Colley has released an unofficial patch to address this vulnerability. OpenPKG has also released an upgrade as sharutils-4.2.1-2.0.1.src.rpm.

Manual Testing Notes

shar -o `perl -e 'print "a"x2000'`
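
The class of bug described above and its fix, as an added example rather than code from sharutils or from the reporter's patch: an option value copied into a fixed buffer with no length check, beside a bounded copy that rejects oversized values. The function names and the 256-byte buffer size are assumptions; the advisory does not describe the actual source.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the advisory does not give the real one. */
#define PREFIX_BUF_SIZE 256

/* Unsafe pattern: copies the -o value with no length limit, so a value of
 * PREFIX_BUF_SIZE bytes or more writes past the end of dst. */
static void store_prefix_unchecked(char *dst, const char *value)
{
    strcpy(dst, value);
}

/* Hardened form: reject a value that does not fit (terminating NUL
 * included) and leave dst untouched, so the caller can report a usage
 * error. Returns 0 on success, -1 if the value is missing or too long. */
static int store_prefix_checked(char *dst, size_t dst_size, const char *value)
{
    size_t len;

    if (dst == NULL || dst_size == 0 || value == NULL)
        return -1;
    len = strlen(value);
    if (len >= dst_size)
        return -1;
    memcpy(dst, value, len + 1);
    return 0;
}

/* Constructed input: an n-byte run of 'a', like the 2000-byte test string
 * in the notes above, passed through the hardened copy only. */
static int try_prefix_of_length(size_t n)
{
    char value[4096];
    char prefix[PREFIX_BUF_SIZE] = "";

    if (n >= sizeof value)
        return -1;
    memset(value, 'a', n);
    value[n] = '\0';
    return store_prefix_checked(prefix, sizeof prefix, value);
}

int main(void)
{
    char prefix[PREFIX_BUF_SIZE];

    store_prefix_unchecked(prefix, "archive");  /* short value: in bounds */
    printf("unchecked copy of short value: %s\n", prefix);
    printf("checked, 2000 bytes: %d\n", try_prefix_of_length(2000));
    return 0;
}
```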

References:

Vendor URL: http://www.gnu.org/software/sharutils/sharutils.html
Vendor Specific Solution URL: ftp://ftp.openpkg.org/release/2.0/UPD/sharutils-4.2.1-2.0.1.src.rpm
Vendor Specific Advisory URL
Secunia Advisory ID: 15138
Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-377.html
Other Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2005-135_RHSA-2005-377.pdf
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-04/0048.html
ISS X-Force ID: 15759
CVE-2004-1772
Bugtraq ID: 10066