Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:067: sharutils Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the sharutils package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:067 (sharutils).
Shaun Colley discovered a buffer overflow in shar that was triggered by output
files (using -o) with names longer than 49 characters which could be exploited
to run arbitrary attacker-specified code.
Ulf Harnhammar discovered that shar does not check the data length returned by
the wc command.
Joey Hess discovered that unshar would create temporary files in an insecure
manner which could allow a symbolic link attack to create or overwrite
arbitrary files with the rights of the user using unshar.
The updated packages have been patched to correct these issues.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:067
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.