PT-2005-1073 · Gnu+1 · Sharutils+1
Joey Hess
Published: 2005-04-06 · Updated: 2018-10-03
CVE-2005-0990
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
sharutils version 4.2.1
Description
The issue affects the sharutils package in Red Hat Enterprise Linux, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. Specifically, the unshar function in unshar.c allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
Recommendations
For sharutils version 4.2.1, consider restricting access to the unshar function until a patch is available. As a temporary workaround, avoid using the unshar function to minimize the risk of exploitation.
Fix
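The symlink overwrite described above, shown as an added illustration that is not sharutils code or its patch: a constructed scenario in a private directory where a link named unsh.X already exists, opened first by predictable name and then with O_CREAT|O_EXCL. The function names, the demo directory and the file contents are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak form (same effect as fopen(path, "w")): an existing symlink at the
 * predictable name is followed and its target is truncated. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form: with O_CREAT|O_EXCL the open fails (EEXIST) if anything,
 * including a symlink, already exists at the path. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario inside a private mkdtemp() directory: a symlink named
 * unsh.X already points at "victim". Returns 1 if victim was overwritten,
 * 0 if it kept its contents, -1 on setup failure. */
int victim_overwritten(int (*opener)(const char *)) {
    char dir[] = "/tmp/unshar-demo-XXXXXX", victim[64], tmp[64], buf[8] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/unsh.X", dir);

    FILE *fp = fopen(victim, "w");
    if (!fp) return -1;
    fputs("keep", fp);
    fclose(fp);
    if (symlink(victim, tmp) != 0) return -1;

    int fd = opener(tmp);                 /* the temp-file open under test */
    if (fd >= 0) { ssize_t w = write(fd, "scratch", 7); (void)w; close(fd); }

    fp = fopen(victim, "r");
    if (!fp) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, fp); (void)n;
    fclose(fp);
    unlink(tmp); unlink(victim); rmdir(dir);
    return strcmp(buf, "keep") != 0;
}

int main(void) {
    printf("predictable open: overwritten=%d\n", victim_overwritten(open_predictable));
    printf("O_EXCL open:      overwritten=%d\n", victim_overwritten(open_exclusive));
    return 0;
}
```

mkstemp(3) combines an unpredictable name with the same exclusive create and is the usual replacement for a fixed or PID-derived temporary file name.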
Related Identifiers
Affected Products
Red Hat
Sharutils