Ubuntu 4.10 : sharutils vulnerabilities (USN-102-1)

Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Shaun Colley discovered a buffer overflow in 'shar' that was triggered
by output files (specified with -o) with names longer than 49
characters. This could be exploited to run arbitrary attacker
specified code on systems that automatically process uploaded files
with shar.

Ulf Harnhammar discovered that shar does not check the data length
returned by the 'wc' command. However, it is believed that this cannot
actually be exploited on real systems.

Solution :

Update the affected sharutils and / or sharutils-doc packages.

Risk factor :

High

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20488 ()

Bugtraq ID:

CVE ID: