File Overwrite Vulnerability in Sharutils by GNU
CVE-2005-0990

Currently unrated

Key Information:

Vendor: Gnu
Status: Sharutils
Vendor: CVE Published:; 2 May 2005

Summary

A vulnerability in the GNU sharutils version 4.2.1 allows local users to perform a symlink attack, potentially overwriting arbitrary files. The issue arises when unshar (unshar.c) creates temporary files without proper validation, leading to security risks for the system. Users can exploit this flaw if they have the ability to create symlinks, which can be directed to sensitive or critical files on the system.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://bugzilla.ubuntu.com/show_bug.cgi?id=8459

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/19957

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 6, 2005