Executive Summary
| Summary | |
|---|---|
| Title | shar vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-102-1 | First vendor Publication | 2005-03-29 |
| Vendor | Ubuntu | Last vendor Modification | 2005-03-29 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | Not Defined | Attack Range | Not Defined |
| Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
| Cvss Expoit Score | Not Defined | Authentication | Not Defined |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: sharutils The problem can be corrected by upgrading the affected package to version 1:4.2.1-10ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Shaun Colley discovered a buffer overflow in "shar" that was triggered by output files (specified with -o) with names longer than 49 characters. This could be exploited to run arbitrary attacker specified code on systems that automatically process uploaded files with shar. Ulf Harnhammar discovered that shar does not check the data length returned by the 'wc' command. However, it is believed that this cannot actually be exploited on real systems. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-102-1 |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:58:05 |
|
