
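GNU SharUtils UUDecode Symbolic Link Attack Vulnerability


Published: 2002-12-09
Updated: 2002-12-09
Severity:
Threat level: local denial of service
Error type: design error
Exploitation method: server mode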

BUGTRAQ ID:4742
CVE(CAN) ID:CAN-2002-0178

Affected systems
Caldera OpenLinux Server 3.1
Caldera OpenLinux Server 3.1.1
Caldera OpenLinux Workstation 3.1
Caldera OpenLinux Workstation 3.1.1
Compaq Tru64 4.0 g PK3 (BL17)
Compaq Tru64 4.0 f PK7 (BL18)
Compaq Tru64 5.0 a PK3 (BL17)
Compaq Tru64 5.1 a PK3 (BL3)
Compaq Tru64 5.1 PK5 (BL19)
GNU sharutils 4.2
   + HP Secure OS software for Linux 1.0
   + RedHat Linux 6.2 alpha
   + RedHat Linux 6.2 i386
   + RedHat Linux 6.2 sparc
   + RedHat Linux 7.0 alpha
   + RedHat Linux 7.0 i386
   + RedHat Linux 7.1 alpha
   + RedHat Linux 7.1 i386
   + RedHat Linux 7.1 ia64
   + RedHat Linux 7.2 i386
   + RedHat Linux 7.2 ia64
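Detailed description
Sharutils is a free, open-source suite of tools that can be used on UNIX and Linux operating systems.

    When decoding a uuencoded file, uudecode does not check whether the file named in the encoded document already exists. As a result, the decoded file can overwrite another file in the temporary directory, provided the decoding user has write permission on that file.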
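
An added example, not part of the advisory or the sharutils source: one way a decoder can create its output so that an existing file or a planted symbolic link is never overwritten. The function names, the plain-file-name policy and the output-directory parameter are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Parse a uuencode header line, "begin <octal mode> <file name>".
 * Returns 0 and fills mode/name on success, -1 on a malformed header. */
int parse_begin(const char *line, unsigned *mode, char *name, size_t namesz)
{
    char buf[256];
    if (strncmp(line, "begin ", 6) != 0 ||
        sscanf(line + 6, "%o %255[^\r\n]", mode, buf) != 2 ||
        strlen(buf) >= namesz)
        return -1;
    strcpy(name, buf);
    return 0;
}

/* Policy assumed for this example: accept only a plain file name, so the
 * sender of the encoded data cannot pick a directory for the output. */
int name_is_safe(const char *name)
{
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return name[0] != '\0' && strchr(name, '/') == NULL;
}

/* Create the output file for one encoded document inside outdir.
 * Returns a writable descriptor, or -1 with errno set. */
int open_decoded_output(const char *outdir, const char *header_line)
{
    unsigned mode;
    char name[256], path[1024];

    if (parse_begin(header_line, &mode, name, sizeof name) != 0 ||
        !name_is_safe(name)) {
        errno = EINVAL;
        return -1;
    }
    if ((size_t)snprintf(path, sizeof path, "%s/%s", outdir, name) >= sizeof path) {
        errno = ENAMETOOLONG; return -1;
    }
    /* O_CREAT|O_EXCL fails with EEXIST when the name already exists, even
     * as a dangling symbolic link: nothing is truncated, no link followed.
     * Only the rw permission bits from the header are kept. */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, (mode_t)(mode & 0666));
}
```

A caller that gets `-1` with `errno == EEXIST` should report the conflict and stop rather than retry without `O_EXCL`.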

Test code
None available

Solution
Download the relevant patches:

Caldera OpenLinux Workstation 3.1:

SCO Upgrade sharutils-4.2.1-7MR.1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-040.0/RPMS

SCO Upgrade sharutils-4.2.1-7MR.1.src.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-040.0/SRPMS

Caldera OpenLinux Server 3.1:

SCO Upgrade sharutils-4.2.1-7MR.1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-040.0/RPMS

SCO Upgrade sharutils-4.2.1-7MR.1.src.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-040.0/SRPMS

Caldera OpenLinux Server 3.1.1:

SCO Upgrade sharutils-4.2.1-7MR.1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-040.0/RPMS

SCO Upgrade sharutils-4.2.1-7MR.1.src.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-040.0/SRPMS

Caldera OpenLinux Workstation 3.1.1:

SCO Upgrade sharutils-4.2.1-7MR.1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-040.0/RPMS

SCO Upgrade sharutils-4.2.1-7MR.1.src.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-040.0/SRPMS

Compaq Tru64 4.0 g PK3 (BL17):

HP Patch t64v40gb17-c0020202-16068-es-20021114.tar
http://ftp.support.compaq.com/patches/public/unix/v4.0g/t64v40gb17-c0020202-16068-es-20021114.tar

Compaq Tru64 4.0 f PK7 (BL18):

HP Patch duv40fb18-c0082402-16085-es-20021115.tar
http://ftp.support.compaq.com/patches/public/unix/v4.0f/duv40fb18-c0082402-16085-es-20021115.tar

Compaq Tru64 5.0 a PK3 (BL17):

HP Patch t64v50ab17-c0023802-16066-es-20021114.tar
http://ftp.support.compaq.com/patches/public/unix/v5.0a/t64v50ab17-c0023802-16066-es-20021114.tar

Compaq Tru64 5.1 a PK3 (BL3):

HP Patch t64v51ab3-c0055902-16064-es-20021114.tar
http://ftp.support.compaq.com/patches/public/unix/v5.1a/t64v51ab3-c0055902-16064-es-20021114.tar

Compaq Tru64 5.1 PK5 (BL19):

HP Patch t64v51b19-c0142502-16065-es-20021114.tar
http://ftp.support.compaq.com/patches/public/unix/v5.1/t64v51b19-c0142502-16065-es-20021114.tar

GNU sharutils 4.2:

Red Hat RPM sharutils-4.2.1-2.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/sharutils-4.2.1-2.6.x.alpha.rpm

Red Hat RPM sharutils-4.2.1-2.6.x.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/sharutils-4.2.1-2.6.x.i386.rpm

Red Hat RPM sharutils-4.2.1-2.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/sharutils-4.2.1-2.6.x.sparc.rpm

Red Hat RPM sharutils-4.2.1-8.7.x.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/sharutils-4.2.1-8.7.x.alpha.rpm

Red Hat RPM sharutils-4.2.1-8.7.x.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/sharutils-4.2.1-8.7.x.i386.rpm

Red Hat RPM sharutils-4.2.1-8.7.x.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/sharutils-4.2.1-8.7.x.alpha.rpm

Red Hat RPM sharutils-4.2.1-8.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/sharutils-4.2.1-8.7.x.i386.rpm

Red Hat RPM sharutils-4.2.1-8.7.x.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/sharutils-4.2.1-8.7.x.ia64.rpm

Red Hat RPM sharutils-4.2.1-8.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/sharutils-4.2.1-8.7.x.i386.rpm

Red Hat RPM sharutils-4.2.1-8.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/sharutils-4.2.1-8.7.x.ia64.rpm

Mandrake RPM sharutils-4.2.1-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
x86 7.1

Mandrake RPM sharutils-4.2.1-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
x86 7.2

Mandrake RPM sharutils-4.2.1-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
x86 8.0

Mandrake RPM sharutils-4.2.1-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
ppc 8.0

Mandrake RPM sharutils-4.2.1-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
x86 8.1

Mandrake RPM sharutils-4.2.1-8.1mdk.ia64.rpm
http://www.mandrakesecure.net/en/ftp.php
ia64 8.1

Mandrake RPM sharutils-4.2.1-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
x86 8.2

Mandrake RPM sharutils-4.2.1-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
ppc 8.2

Mandrake RPM sharutils-4.2.1-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Corporate Server 1.0.1

Mandrake RPM sharutils-4.2.1-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
snf 7.2

Related information
Related links:

http://online.securityfocus.com/advisories/4619

HPSBTL0205-040: Security vulnerability in sharutils
http://online.securityfocus.com/advisories/4132

MDKSA-2002:052: sharutils update
http://online.securityfocus.com/advisories/4399

R