GNU Sharutils shar Command Line Parsing Buffer Overflow Vulnerability
BID:10066
Info
GNU Sharutils shar Command Line Parsing Buffer Overflow Vulnerability
| Bugtraq ID: | 10066 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-1772 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 06 2004 12:00AM |
| Updated: | Feb 22 2007 06:06PM |
| Credit: | Disclosure of this issue is credited to Shaun Colley <[email protected]>. |
| Vulnerable: |
Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 SGI ProPack 3.0 Redhat Fedora Core3 Redhat Fedora Core2 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 GNU sharutils 4.2.1 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya Modular Messaging (MSS) 2.0 Avaya Modular Messaging (MSS) 1.1 Avaya MN100 Avaya Intuity LX Avaya Converged Communications Server 2.0 |
| Not Vulnerable: | |
Discussion
GNU Sharutils shar Command Line Parsing Buffer Overflow Vulnerability
The 'shar' utility is reported prone to a command line parsing buffer-overflow vulnerability when parsing commands. This issue occurs because the utility fails to properly validate the size of user-supplied strings before copying them to a finite buffer.
Note that 'shar' is not in itself a setuid or setgid application. However, an application that is setuid or setgid may invoke this utility with user-supplied arguments.
Successful exploitation would immediately produce a denial-of-service condition in the affected process. Attackers may also leverage this issue to execute code on the affected system with the privileges of the user that invoked the vulnerable application.
The 'shar' utility is reported prone to a command line parsing buffer-overflow vulnerability when parsing commands. This issue occurs because the utility fails to properly validate the size of user-supplied strings before copying them to a finite buffer.
Note that 'shar' is not in itself a setuid or setgid application. However, an application that is setuid or setgid may invoke this utility with user-supplied arguments.
Successful exploitation would immediately produce a denial-of-service condition in the affected process. Attackers may also leverage this issue to execute code on the affected system with the privileges of the user that invoked the vulnerable application.
Exploit / POC
GNU Sharutils shar Command Line Parsing Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
GNU Sharutils shar Command Line Parsing Buffer Overflow Vulnerability
Solution:
Please see the referenced advisories for more information.
GNU sharutils 4.2.1
Solution:
Please see the referenced advisories for more information.
GNU sharutils 4.2.1
-
Fedora sharutils-4.2.1-18.1.FC2.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ -
Fedora sharutils-4.2.1-18.1.FC2.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ -
Fedora sharutils-4.2.1-22.1.FC3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Fedora sharutils-4.2.1-22.1.FC3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Fedora sharutils-debuginfo-4.2.1-18.1.FC2.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ -
Fedora sharutils-debuginfo-4.2.1-18.1.FC2.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ -
Fedora sharutils-debuginfo-4.2.1-22.1.FC3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Fedora sharutils-debuginfo-4.2.1-22.1.FC3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Mandrake sharutils-4.2.1-14.1.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake sharutils-4.2.1-14.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake sharutils-4.2.1-14.1.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake sharutils-4.2.1-14.1.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake sharutils-4.2.1-14.1.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake sharutils-4.2.1-14.1.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake sharutils-4.2.1-17.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake sharutils-4.2.1-17.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
OpenPKG sharutils-4.2.1-2.0.1.src.rpm
ftp://ftp.openpkg.org/release/2.0/UPD/sharutils-4.2.1-2.0.1.src.rpm -
Ubuntu sharutils-doc_4.2.1-10ubuntu0.1_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils-doc_ 4.2.1-10ubuntu0.1_all.deb -
Ubuntu sharutils_4.2.1-10ubuntu0.1_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2. 1-10ubuntu0.1_amd64.deb -
Ubuntu sharutils_4.2.1-10ubuntu0.1_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2. 1-10ubuntu0.1_i386.deb -
Ubuntu sharutils_4.2.1-10ubuntu0.1_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2. 1-10ubuntu0.1_powerpc.deb
References
GNU Sharutils shar Command Line Parsing Buffer Overflow Vulnerability
References:
References:
- ASA-2005-135 - sharutils (Avaya)
- GNU Sharutils Home Page (GNU)
- RHSA-2005:377-07 - sharutils security update (Red Hat)
- GNU Sharutils buffer overflow vulnerability. (Shaun Colley
)