3 results (0.015 seconds)

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 1

Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument. • http://marc.info/?l=bugtraq&m=108137386310299&w=2 http://www.redhat.com/support/errata/RHSA-2005-377.html http://www.securityfocus.com/archive/1/359639 http://www.securityfocus.com/bid/10066 https://bugzilla.fedora.us/show_bug.cgi?id=2155 https://exchange.xforce.ibmcloud.com/vulnerabilities/15759 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722 https://access.redhat.com/security/cve/CVE-2004-1772 https://bugzilla.redhat.com/show_bug.c •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar. • http://security.gentoo.org/glsa/glsa-200410-01.xml http://www.redhat.com/support/errata/RHSA-2005-377.html http://www.securityfocus.com/bid/11298 https://bugzilla.fedora.us/show_bug.cgi?id=2155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093 https://access.redhat.com/security/cve/CVE-2004-1773 https://bugzilla.redhat.com/show_bug.cgi?id=1617418 •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. uudecode, como aparece en el paquete sharutils anteriores a 4.2.1, no comprueba si el nombre del fichero o el fichero uu-codificado es una tubería o un enlace simbólico, lo que podría permitir a atacantes sobreescribir ficheros o ejecutar comandos. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt http://marc.info/?l=bugtraq&m=103599320902432&w=2 http://online.securityfocus.com/advisories/4132 http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en http://www.iss.net/security_center/static/9075.php http://www.kb.cert.org/vuls/id/336083 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php http://www.osvdb.org/8274 http://www.redhat.com/support/errata/RHSA-2002&# •