PT-2004-1072 · Gnu+1 · Sharutils+1
Shaun Colley · Published 2004-12-31 · Updated 2017-10-11
CVE-2004-1772
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
sharutils version 4.2.1
GNU sharutils version 4.2.1
Description
The issue concerns multiple vulnerabilities in the sharutils package, which can lead to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A specific vulnerability is a stack-based buffer overflow in the shar utility, which allows local users to execute arbitrary code via a long -o command line argument.
Recommendations
For sharutils version 4.2.1, consider restricting access to the shar utility until a patch is available.
For GNU sharutils version 4.2.1, avoid using long -o command line arguments in the shar utility to minimize the risk of exploitation.
Exploit
Fix
Related Identifiers
Affected Products
Red Hat
Sharutils