|
Family: Ubuntu Local Security Checks --> Category: infos
USN102-1 : sharutils vulnerabilities Vulnerability Scan
Vulnerability Scan Summary sharutils vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- sharutils
- sharutils-doc
Description :
Shaun Colley discovered a buffer overflow in "shar" that was triggered
by output files (specified with -o) with names longer than 49
characters. This could be exploited to run arbitrary attacker
specified code on systems that automatically process uploaded files
with shar.
Ulf Harnhammar discovered that shar does not check the data length
returned by the 'wc' command. However, it is believed that this cannot
actually be exploited on real systems.
Solution :
Upgrade to :
- sharutils-4.2.1-10ubuntu0.1 (Ubuntu 4.10)
- sharutils-doc-4.2.1-10ubuntu0.1 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|