1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200410-01 / sharutils |
| Release Date | October 01, 2004 |
| Latest Revision | May 22, 2006: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| app-arch/sharutils | <= 4.2.1-r9 | >= 4.2.1-r10 | All supported architectures |
Related bugreports: #65773
sharutils contains two buffer overflow vulnerabilities that could lead to arbitrary code execution.
sharutils contains utilities to manage shell archives.
sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow in unshar.c.
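To illustrate the bug class behind the shar.c issue described above (output from a helper command stored without a length check), the following C sketch is an added example, not sharutils code or its patch. The function names `read_count` and `read_count_from_text`, the buffer sizes and the sample input are assumptions made for this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Unsafe pattern for this bug class (illustrative, not sharutils source):
 *   char wc[16]; fscanf(pipe, "%s", wc);   no width: a long token overruns wc */
/* Parse the count that starts a helper's output line (such as wc's).
 * Returns 0 and stores it, or -1 on empty, oversized or malformed output. */
int read_count(FILE *fp, unsigned long *out)
{
    char line[64], *end;             /* a 64-bit count is at most 20 digits */
    if (fgets(line, sizeof line, fp) == NULL)
        return -1;                   /* helper printed nothing */
    /* fgets is bounded by sizeof line. A full buffer without a newline means
     * the line was longer than expected: reject it instead of truncating. */
    size_t n = strlen(line);
    if (n == sizeof line - 1 && line[n - 1] != '\n')
        return -1;
    const char *p = line + strspn(line, " \t");   /* wc may pad with blanks */
    if (!isdigit((unsigned char)*p))
        return -1;                   /* rejects "-5", "abc" and blank lines */
    errno = 0;
    unsigned long v = strtoul(p, &end, 10);
    if (errno == ERANGE || (*end != '\0' && !isspace((unsigned char)*end)))
        return -1;                   /* overflow, or junk such as "12x" */
    *out = v;
    return 0;
}

/* Feed constructed text through a temporary stream (stands in for a pipe). */
int read_count_from_text(const char *text, unsigned long *out)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return -2;
    fputs(text, fp);
    rewind(fp);
    int rc = read_count(fp, out);
    fclose(fp);
    return rc;
}

int main(void)
{
    unsigned long v = 0;
    int rc = read_count_from_text("   1234 archive.shar\n", &v); /* constructed */
    printf("rc=%d count=%lu\n", rc, v);
    return rc;
}
```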
An attacker could exploit these vulnerabilities to execute arbitrary code as the user running one of the sharutils programs.
There is no known workaround at this time.
All sharutils users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge sync
    # emerge -pv ">=app-arch/sharutils-4.2.1-r10"
    # emerge ">=app-arch/sharutils-4.2.1-r10"