110 matches found
FreeBSD Ports: sharutils
The remote host is missing an update to the system as announced in the referenced advisory. VID 26c9e8c6-1c99-11d9-814e-0001020eed82 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
CentOS 3 / 4 : sharutils (CESA-2005:377)
An updated sharutils package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. A stack based overflow bug was found i...
Ubuntu 4.10 : sharutils vulnerability (USN-104-1)
Joey Hess discovered that 'unshar' created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block...
Fedora Core 3 : sharutils-4.2.1-22.1.FC3 (2005-281)
Thu Mar 31 2005 Than Ngo 4.2.1-22.1.FC3 - apply patch to fix multiple buffer overflows 152574 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Fedora Core 3 : sharutils-4.2.1-22.2.FC3 (2005-319)
Mon Apr 11 2005 Than Ngo 4.2.1-22.2.FC3 - apply debian patch to fix insecure temporary file creation in unshar 154049, CVE-2005-0990 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...
FreeBSD : sharutils -- unshar insecure temporary file creation (5f003a08-ba3c-11d9-837d-000e0c2e438a)
An Ubuntu Advisory reports : Joey Hess discovered that 'unshar' created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Fedora Core 2 : sharutils-4.2.1-18.1.FC2 (2005-280)
Thu Mar 31 2005 Than Ngo 4.2.1-18.1.FC2 - apply patch to fix multiple buffer overflows 152571 - apply patch to fix buffer overflow in handling of -o option, CVE-2004-1772, 123230 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
CVE-2005-0990
unshar unshar.c in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file...
CVE-2005-0990
unshar unshar.c in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file...
CVE-2005-0990
unshar unshar.c in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file...
RHEL 4 : sharutils (RHSA-2005:377)
The remote Redhat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2005:377 advisory. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. A stack based overflow bu...
sharutils security update
CentOS Errata and Security Advisory CESA-2005:377-01 An updated sharutils package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The sharutils package contains a set of tools for encoding and decoding packages of files in binary o...
cvs, sharutils security update
CentOS Errata and Security Advisory CESA-2005:377 An updated sharutils package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or...
security flaw
unshar unshar.c in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file...
Low: Red Hat Security Advisory: sharutils security update
An updated sharutils package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. A stack based overflow bug was found i...
security flaw
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via 1 long output from wc to shar, or 2 unknown vectors in unshar...
security flaw
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument...
Mandrake Linux Security Advisory : sharutils (MDKSA-2005:067)
Shaun Colley discovered a buffer overflow in shar that was triggered by output files using -o with names longer than 49 characters which could be exploited to run arbitrary attacker-specified code. Ulf Harnhammar discovered that shar does not check the data length returned by the wc command. Joey...
GLSA-200504-06 : sharutils: Insecure temporary file creation
The remote host is affected by the vulnerability described in GLSA-200504-06 sharutils: Insecure temporary file creation Joey Hess has discovered that the program unshar, which is a part of sharutils, creates temporary files in a world-writable directory with predictable names. Impact : A local...
CVE-2005-0990
CVE-2005-0990 affects sharutils 4.2.1, specifically unshar.c, where a local user can perform a symlink attack on the unsh.X temporary file to overwrite arbitrary files. This is described across multiple sources (NVD entry for CVE-2005-0990, Debian/OSV references, and Red Hat/CentOS advisories) an...