Input Validation Flaw in Uudecode of Sharutils Package by Caldera
CVE-2002-0178

Currently unrated

Key Information:

Vendor: Gnu
Status: Sharutils
Vendor: CVE Published:; 29 May 2002

Summary

The uudecode utility from the sharutils package prior to version 4.2.1 lacks proper validation mechanisms for the filename of uudecoded files. This oversight enables attackers to create symbolic links or use pipes to overwrite existing files or execute arbitrary commands on the server. Such vulnerabilities present significant risks, as they can compromise the integrity and security of the system, allowing for unauthorized access or data manipulation.

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-04...

vendor-advisoryx_refsource_CALDERA

http://www.securityfocus.com/bid/4742

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=103599320902432&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 29, 2002
Vulnerability Reserved
Apr 17, 2002