Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2005:067: sharutils Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the sharutils package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2005:067 (sharutils).

Shaun Colley discovered a buffer overflow in shar that was triggered by output
files (using -o) with names longer than 49 characters which could be exploited
to run arbitrary attacker-specified code.

Ulf Harnhammar discovered that shar does not check the data length returned by
the wc command.

Joey Hess discovered that unshar would create temporary files in an insecure
manner which could allow a symbolic link attack to create or overwrite
arbitrary files with the rights of the user using unshar.

The updated packages have been patched to correct these issues.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.