Family: Red Hat Local Security Checks --> Category: infos
RHSA-2003-180: sharutils Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the sharutils packages
Detailed Explanation for this Vulnerability Test
Updated packages for sharutils which fix potential privilege escalation
using the uudecode utility are available.
The sharutils package contains a set of tools for encoding and decoding
packages of files in binary or text format.
The uudecode utility creates an output file without checking to see if
it was about to write to a symlink or a pipe. If a user uses uudecode to
extract data into open shared directories, such as /tmp, this vulnerability
could be used by a local attacker to overwrite files or lead to privilege
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-0178 to this issue.
Users are advised to upgrade to these errata sharutils packages which
contain a version of uudecode that has been patched to check for an
existing pipe or symlink output file.
Solution : http://rhn.redhat.com/errata/RHSA-2003-180.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.