USN-102-1: shar vulnerabilities
29 March 2005
shar vulnerabilities
Releases
Details
Shaun Colley discovered a buffer overflow in "shar" that was triggered
by output files (specified with -o) with names longer than 49
characters. This could be exploited to run arbitrary attacker
specified code on systems that automatically process uploaded files
with shar.
Ulf Harnhammar discovered that shar does not check the data length
returned by the 'wc' command. However, it is believed that this cannot
actually be exploited on real systems.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 4.10
-
sharutils
-
In general, a standard system update will make all the necessary changes.