Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for sharutils by gnu
CVE-2018-1000097 (GCVE-0-2018-1000097)
Vulnerability from cvelistv5 – Published: 2018-03-13 01:00 – Updated: 2024-08-05 12:33
VLAI
Summary
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/3605-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.debian.org/security/2018/dsa-4167 | vendor-advisoryx_refsource_DEBIAN |
| http://seclists.org/bugtraq/2018/Feb/54 | mailing-listx_refsource_BUGTRAQ |
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3605-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"name": "DSA-4167",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4167"
},
{
"name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2018/Feb/54"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-02-21T00:00:00.000Z",
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-06T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3605-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"name": "DSA-4167",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4167"
},
{
"name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2018/Feb/54"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2/21/2018 8:54:32",
"ID": "CVE-2018-1000097",
"REQUESTER": "nafiez.skins@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3605-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"name": "DSA-4167",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4167"
},
{
"name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2018/Feb/54"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000097",
"datePublished": "2018-03-13T01:00:00.000Z",
"dateReserved": "2018-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:33:49.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0990 (GCVE-0-2005-0990)
Vulnerability from cvelistv5 – Published: 2005-04-06 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://bugzilla.ubuntu.com/show_bug.cgi?id=8459 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/12981 | vdb-entryx_refsource_BID |
| https://usn.ubuntu.com/104-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412 | x_refsource_MISC |
| http://www.redhat.com/support/errata/RHSA-2005-377.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2005-04-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9613",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"name": "sharutils-temp-file-symlink(19957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"name": "12981",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12981"
},
{
"name": "USN-104-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/104-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9613",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"name": "sharutils-temp-file-symlink(19957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"name": "12981",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12981"
},
{
"name": "USN-104-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/104-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9613",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"name": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459",
"refsource": "MISC",
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"name": "sharutils-temp-file-symlink(19957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"name": "12981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12981"
},
{
"name": "USN-104-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/104-1/"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"name": "RHSA-2005:377",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0990",
"datePublished": "2005-04-06T04:00:00.000Z",
"dateReserved": "2005-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1773 (GCVE-0-2004-1773)
Vulnerability from cvelistv5 – Published: 2005-03-28 05:00 – Updated: 2024-08-08 01:00
VLAI
Summary
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.fedora.us/show_bug.cgi?id=2155 | vendor-advisoryx_refsource_FEDORA |
| http://security.gentoo.org/glsa/glsa-200410-01.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/11298 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.redhat.com/support/errata/RHSA-2005-377.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2004-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "GLSA-200410-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"name": "11298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11298"
},
{
"name": "oval:org.mitre.oval:def:11093",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "GLSA-200410-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"name": "11298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11298"
},
{
"name": "oval:org.mitre.oval:def:11093",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FLSA:2155",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "GLSA-200410-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"name": "11298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11298"
},
{
"name": "oval:org.mitre.oval:def:11093",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
},
{
"name": "RHSA-2005:377",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1773",
"datePublished": "2005-03-28T05:00:00.000Z",
"dateReserved": "2005-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:00:37.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1772 (GCVE-0-2004-1772)
Vulnerability from cvelistv5 – Published: 2005-03-28 05:00 – Updated: 2024-08-08 01:00
VLAI
Summary
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=108137386310299&w=2 | vendor-advisoryx_refsource_OPENPKG |
| https://bugzilla.fedora.us/show_bug.cgi?id=2155 | vendor-advisoryx_refsource_FEDORA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/bid/10066 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/359639 | mailing-listx_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2005-377.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2004-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenPKG-SA-2004.011",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "oval:org.mitre.oval:def:11722",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
},
{
"name": "10066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10066"
},
{
"name": "sharutils-shar-bo(15759)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"name": "20040406 GNU Sharutils buffer overflow vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "OpenPKG-SA-2004.011",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "oval:org.mitre.oval:def:11722",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
},
{
"name": "10066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10066"
},
{
"name": "sharutils-shar-bo(15759)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"name": "20040406 GNU Sharutils buffer overflow vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "OpenPKG-SA-2004.011",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"name": "FLSA:2155",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "oval:org.mitre.oval:def:11722",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
},
{
"name": "10066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10066"
},
{
"name": "sharutils-shar-bo(15759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"name": "20040406 GNU Sharutils buffer overflow vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"name": "RHSA-2005:377",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1772",
"datePublished": "2005-03-28T05:00:00.000Z",
"dateReserved": "2005-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:00:37.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0178 (GCVE-0-2002-0178)
Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:42
VLAI
Summary
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… | vendor-advisoryx_refsource_CALDERA |
| http://www.securityfocus.com/bid/4742 | vdb-entryx_refsource_BID |
| http://marc.info/?l=bugtraq&m=103599320902432&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.linux-mandrake.com/en/security/2002/MD… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.redhat.com/support/errata/RHSA-2003-180.html | vendor-advisoryx_refsource_REDHAT |
| http://www.kb.cert.org/vuls/id/336083 | third-party-advisoryx_refsource_CERT-VN |
| http://www.osvdb.org/8274 | vdb-entryx_refsource_OSVDB |
| http://www.aerasec.de/security/index.html?id=ae-2… | x_refsource_MISC |
| http://www.redhat.com/support/errata/RHSA-2002-065.html | vendor-advisoryx_refsource_REDHAT |
| http://www.iss.net/security_center/static/9075.php | vdb-entryx_refsource_XF |
| http://online.securityfocus.com/advisories/4132 | vendor-advisoryx_refsource_HP |
Date Public
2002-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:27.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CSSA-2002-040.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"name": "4742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4742"
},
{
"name": "20021030 GLSA: sharutils",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"name": "MDKSA-2002:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"name": "RHSA-2003:180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"name": "VU#336083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"name": "8274",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8274"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"name": "RHSA-2002:065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"name": "sharutils-uudecode-symlink(9075)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"name": "HPSBTL0205-040",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/4132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CSSA-2002-040.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"name": "4742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4742"
},
{
"name": "20021030 GLSA: sharutils",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"name": "MDKSA-2002:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"name": "RHSA-2003:180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"name": "VU#336083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"name": "8274",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8274"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"name": "RHSA-2002:065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"name": "sharutils-uudecode-symlink(9075)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"name": "HPSBTL0205-040",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/4132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-2002-040.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"name": "4742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4742"
},
{
"name": "20021030 GLSA: sharutils",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"name": "MDKSA-2002:052",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"name": "RHSA-2003:180",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"name": "VU#336083",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"name": "8274",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8274"
},
{
"name": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en",
"refsource": "MISC",
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"name": "RHSA-2002:065",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"name": "sharutils-uudecode-symlink(9075)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"name": "HPSBTL0205-040",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/4132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0178",
"datePublished": "2003-04-02T05:00:00.000Z",
"dateReserved": "2002-04-17T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:42:27.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000097 (GCVE-0-2018-1000097)
Vulnerability from nvd – Published: 2018-03-13 01:00 – Updated: 2024-08-05 12:33
VLAI
Summary
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/3605-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.debian.org/security/2018/dsa-4167 | vendor-advisoryx_refsource_DEBIAN |
| http://seclists.org/bugtraq/2018/Feb/54 | mailing-listx_refsource_BUGTRAQ |
Date Public
2018-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3605-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"name": "DSA-4167",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4167"
},
{
"name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2018/Feb/54"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-02-21T00:00:00.000Z",
"datePublic": "2018-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-06T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3605-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"name": "DSA-4167",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4167"
},
{
"name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2018/Feb/54"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2/21/2018 8:54:32",
"ID": "CVE-2018-1000097",
"REQUESTER": "nafiez.skins@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3605-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3605-1/"
},
{
"name": "DSA-4167",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4167"
},
{
"name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2018/Feb/54"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000097",
"datePublished": "2018-03-13T01:00:00.000Z",
"dateReserved": "2018-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:33:49.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0990 (GCVE-0-2005-0990)
Vulnerability from nvd – Published: 2005-04-06 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://bugzilla.ubuntu.com/show_bug.cgi?id=8459 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/12981 | vdb-entryx_refsource_BID |
| https://usn.ubuntu.com/104-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412 | x_refsource_MISC |
| http://www.redhat.com/support/errata/RHSA-2005-377.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2005-04-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9613",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"name": "sharutils-temp-file-symlink(19957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"name": "12981",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12981"
},
{
"name": "USN-104-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/104-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9613",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"name": "sharutils-temp-file-symlink(19957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"name": "12981",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12981"
},
{
"name": "USN-104-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/104-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9613",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
},
{
"name": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459",
"refsource": "MISC",
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
},
{
"name": "sharutils-temp-file-symlink(19957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
},
{
"name": "12981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12981"
},
{
"name": "USN-104-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/104-1/"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
},
{
"name": "RHSA-2005:377",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0990",
"datePublished": "2005-04-06T04:00:00.000Z",
"dateReserved": "2005-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1773 (GCVE-0-2004-1773)
Vulnerability from nvd – Published: 2005-03-28 05:00 – Updated: 2024-08-08 01:00
VLAI
Summary
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.fedora.us/show_bug.cgi?id=2155 | vendor-advisoryx_refsource_FEDORA |
| http://security.gentoo.org/glsa/glsa-200410-01.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/11298 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.redhat.com/support/errata/RHSA-2005-377.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2004-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "GLSA-200410-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"name": "11298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11298"
},
{
"name": "oval:org.mitre.oval:def:11093",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "GLSA-200410-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"name": "11298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11298"
},
{
"name": "oval:org.mitre.oval:def:11093",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FLSA:2155",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "GLSA-200410-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
},
{
"name": "11298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11298"
},
{
"name": "oval:org.mitre.oval:def:11093",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
},
{
"name": "RHSA-2005:377",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1773",
"datePublished": "2005-03-28T05:00:00.000Z",
"dateReserved": "2005-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:00:37.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1772 (GCVE-0-2004-1772)
Vulnerability from nvd – Published: 2005-03-28 05:00 – Updated: 2024-08-08 01:00
VLAI
Summary
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=108137386310299&w=2 | vendor-advisoryx_refsource_OPENPKG |
| https://bugzilla.fedora.us/show_bug.cgi?id=2155 | vendor-advisoryx_refsource_FEDORA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/bid/10066 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/359639 | mailing-listx_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2005-377.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2004-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenPKG-SA-2004.011",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "oval:org.mitre.oval:def:11722",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
},
{
"name": "10066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10066"
},
{
"name": "sharutils-shar-bo(15759)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"name": "20040406 GNU Sharutils buffer overflow vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "OpenPKG-SA-2004.011",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"name": "FLSA:2155",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "oval:org.mitre.oval:def:11722",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
},
{
"name": "10066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10066"
},
{
"name": "sharutils-shar-bo(15759)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"name": "20040406 GNU Sharutils buffer overflow vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"name": "RHSA-2005:377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "OpenPKG-SA-2004.011",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
},
{
"name": "FLSA:2155",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
},
{
"name": "oval:org.mitre.oval:def:11722",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
},
{
"name": "10066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10066"
},
{
"name": "sharutils-shar-bo(15759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
},
{
"name": "20040406 GNU Sharutils buffer overflow vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/359639"
},
{
"name": "RHSA-2005:377",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1772",
"datePublished": "2005-03-28T05:00:00.000Z",
"dateReserved": "2005-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:00:37.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0178 (GCVE-0-2002-0178)
Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:42
VLAI
Summary
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… | vendor-advisoryx_refsource_CALDERA |
| http://www.securityfocus.com/bid/4742 | vdb-entryx_refsource_BID |
| http://marc.info/?l=bugtraq&m=103599320902432&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.linux-mandrake.com/en/security/2002/MD… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.redhat.com/support/errata/RHSA-2003-180.html | vendor-advisoryx_refsource_REDHAT |
| http://www.kb.cert.org/vuls/id/336083 | third-party-advisoryx_refsource_CERT-VN |
| http://www.osvdb.org/8274 | vdb-entryx_refsource_OSVDB |
| http://www.aerasec.de/security/index.html?id=ae-2… | x_refsource_MISC |
| http://www.redhat.com/support/errata/RHSA-2002-065.html | vendor-advisoryx_refsource_REDHAT |
| http://www.iss.net/security_center/static/9075.php | vdb-entryx_refsource_XF |
| http://online.securityfocus.com/advisories/4132 | vendor-advisoryx_refsource_HP |
Date Public
2002-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:27.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CSSA-2002-040.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"name": "4742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4742"
},
{
"name": "20021030 GLSA: sharutils",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"name": "MDKSA-2002:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"name": "RHSA-2003:180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"name": "VU#336083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"name": "8274",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8274"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"name": "RHSA-2002:065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"name": "sharutils-uudecode-symlink(9075)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"name": "HPSBTL0205-040",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/4132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CSSA-2002-040.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"name": "4742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4742"
},
{
"name": "20021030 GLSA: sharutils",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"name": "MDKSA-2002:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"name": "RHSA-2003:180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"name": "VU#336083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"name": "8274",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8274"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"name": "RHSA-2002:065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"name": "sharutils-uudecode-symlink(9075)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"name": "HPSBTL0205-040",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/4132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-2002-040.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
},
{
"name": "4742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4742"
},
{
"name": "20021030 GLSA: sharutils",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
},
{
"name": "MDKSA-2002:052",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
},
{
"name": "RHSA-2003:180",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
},
{
"name": "VU#336083",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/336083"
},
{
"name": "8274",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8274"
},
{
"name": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en",
"refsource": "MISC",
"url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
},
{
"name": "RHSA-2002:065",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
},
{
"name": "sharutils-uudecode-symlink(9075)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9075.php"
},
{
"name": "HPSBTL0205-040",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/4132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0178",
"datePublished": "2003-04-02T05:00:00.000Z",
"dateReserved": "2002-04-17T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:42:27.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}