|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2003-180: sharutils Vulnerability Assessment Details
|
RHSA-2003-180: sharutils |
||
|
Check for the version of the sharutils packages Detailed Explanation for this Vulnerability Assessment Updated packages for sharutils which fix potential privilege escalation using the uudecode utility are available. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. The uudecode utility creates an output file without checking to see if it was about to write to a symlink or a pipe. If a user uses uudecode to extract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files or lead to privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0178 to this issue. Users are advised to upgrade to these errata sharutils packages which contain a version of uudecode that has been patched to check for an existing pipe or symlink output file. Solution : http://rhn.redhat.com/errata/RHSA-2003-180.html Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security |
||
|
Home Networking, Cable & DSL |
|
||
|
No Discussions have been posted on this vulnerability. |