Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2003-180: sharutils Vulnerability Scan


Vulnerability Scan Summary
Check for the version of the sharutils packages

Detailed Explanation for this Vulnerability Test


Updated packages for sharutils which fix potential privilege escalation
using the uudecode utility are available.

The sharutils package contains a set of tools for encoding and decoding
packages of files in binary or text format.

The uudecode utility creates an output file without checking to see if
it was about to write to a symlink or a pipe. If a user uses uudecode to
extract data into open shared directories, such as /tmp, this vulnerability
could be used by a local attacker to overwrite files or lead to privilege
escalation.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-0178 to this issue.

Users are advised to upgrade to these errata sharutils packages which
contain a version of uudecode that has been patched to check for an
existing pipe or symlink output file.




Solution : http://rhn.redhat.com/errata/RHSA-2003-180.html
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.