Mandrake Linux Security Advisory : sharutils (MDKSA-2002:052)
High Nessus Plugin ID 13955
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionThe uudecode utility creates output files without checking to see if it is about to write to a symlink or pipe. This could be exploited by a local attacker to overwrite files or lead to privilege escalation if users decode data into share directories, such as /tmp. This update fixes this vulnerability by checking to see if the destination output file is a symlink or pipe.
SolutionUpdate the affected sharutils package.