Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200410-01] sharutils: Buffer overflows in shar.c and unshar.c Vulnerability Scan
Vulnerability Scan Summary
sharutils: Buffer overflows in shar.c and unshar.c
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200410-01
(sharutils: Buffer overflows in shar.c and unshar.c)
sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer
overflow in shar.c, where the length of data returned by the wc command is
not checked. Florian Schilhabel discovered another buffer overflow in
unshar.c.
Impact
An attacker could exploit these vulnerabilities to execute arbitrary code
as the user running one of the sharutils programs.
Workaround
There is no known workaround at this time.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265904
Solution:
All sharutils users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-arch/sharutils-4.2.1-r10"
# emerge ">=app-arch/sharutils-4.2.1-r10"
Threat Level: Medium