Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0178

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-0178
Last Modified 10 Sep 2008 08:00:38
Published 29 May 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0178

Summary

uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.

Vulnerable Systems

Application

  • Gnu Sharutils 4.2


References

CERT-VN - VU#336083

REDHAT - RHSA-2002:065

BID - 4742

REDHAT - RHSA-2003:180

OSVDB - 8274

MANDRAKE - MDKSA-2002:052

XF - sharutils-uudecode-symlink(9075)

MISC - http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en

HP - HPSBTL0205-040

BUGTRAQ - 20021030 GLSA: sharutils

CALDERA - CSSA-2002-040.0


Last Updated: 27 May 2016 10:36:48