Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2018-1000097 (GCVE-0-2018-1000097)

Vulnerability from nvd – Published: 2018-03-13 01:00 – Updated: 2024-08-05 12:33

Summary

Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://usn.ubuntu.com/3605-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4167	vendor-advisoryx_refsource_DEBIAN
	http://seclists.org/bugtraq/2018/Feb/54	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3605-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3605-1/"
          },
          {
            "name": "DSA-4167",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4167"
          },
          {
            "name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2018/Feb/54"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-02-21T00:00:00",
      "datePublic": "2018-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-06T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3605-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3605-1/"
        },
        {
          "name": "DSA-4167",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4167"
        },
        {
          "name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2018/Feb/54"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2/21/2018 8:54:32",
          "ID": "CVE-2018-1000097",
          "REQUESTER": "nafiez.skins@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3605-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3605-1/"
            },
            {
              "name": "DSA-4167",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4167"
            },
            {
              "name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2018/Feb/54"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000097",
    "datePublished": "2018-03-13T01:00:00",
    "dateReserved": "2018-03-12T00:00:00",
    "dateUpdated": "2024-08-05T12:33:49.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0990 (GCVE-0-2005-0990)

Vulnerability from nvd – Published: 2005-04-06 04:00 – Updated: 2024-08-07 21:35

Summary

unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://bugzilla.ubuntu.com/show_bug.cgi?id=8459	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/12981	vdb-entryx_refsource_BID
	https://usn.ubuntu.com/104-1/	vendor-advisoryx_refsource_UBUNTU
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2005-377.html	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:35:59.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:9613",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
          },
          {
            "name": "sharutils-temp-file-symlink(19957)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
          },
          {
            "name": "12981",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12981"
          },
          {
            "name": "USN-104-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/104-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
          },
          {
            "name": "RHSA-2005:377",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:9613",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
        },
        {
          "name": "sharutils-temp-file-symlink(19957)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
        },
        {
          "name": "12981",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12981"
        },
        {
          "name": "USN-104-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/104-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
        },
        {
          "name": "RHSA-2005:377",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:9613",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
            },
            {
              "name": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459",
              "refsource": "MISC",
              "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
            },
            {
              "name": "sharutils-temp-file-symlink(19957)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
            },
            {
              "name": "12981",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12981"
            },
            {
              "name": "USN-104-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/104-1/"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412",
              "refsource": "MISC",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
            },
            {
              "name": "RHSA-2005:377",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0990",
    "datePublished": "2005-04-06T04:00:00",
    "dateReserved": "2005-04-06T00:00:00",
    "dateUpdated": "2024-08-07T21:35:59.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1773 (GCVE-0-2004-1773)

Vulnerability from nvd – Published: 2005-03-28 05:00 – Updated: 2024-08-08 01:00

Summary

Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://bugzilla.fedora.us/show_bug.cgi?id=2155	vendor-advisoryx_refsource_FEDORA
	http://security.gentoo.org/glsa/glsa-200410-01.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/11298	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2005-377.html	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:00:37.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FLSA:2155",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
          },
          {
            "name": "GLSA-200410-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
          },
          {
            "name": "11298",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11298"
          },
          {
            "name": "oval:org.mitre.oval:def:11093",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
          },
          {
            "name": "RHSA-2005:377",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FLSA:2155",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
        },
        {
          "name": "GLSA-200410-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
        },
        {
          "name": "11298",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11298"
        },
        {
          "name": "oval:org.mitre.oval:def:11093",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
        },
        {
          "name": "RHSA-2005:377",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1773",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FLSA:2155",
              "refsource": "FEDORA",
              "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
            },
            {
              "name": "GLSA-200410-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
            },
            {
              "name": "11298",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11298"
            },
            {
              "name": "oval:org.mitre.oval:def:11093",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
            },
            {
              "name": "RHSA-2005:377",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1773",
    "datePublished": "2005-03-28T05:00:00",
    "dateReserved": "2005-03-29T00:00:00",
    "dateUpdated": "2024-08-08T01:00:37.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1772 (GCVE-0-2004-1772)

Vulnerability from nvd – Published: 2005-03-28 05:00 – Updated: 2024-08-08 01:00

Summary

Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://marc.info/?l=bugtraq&m=108137386310299&w=2	vendor-advisoryx_refsource_OPENPKG
	https://bugzilla.fedora.us/show_bug.cgi?id=2155	vendor-advisoryx_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/10066	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/359639	mailing-listx_refsource_BUGTRAQ
	http://www.redhat.com/support/errata/RHSA-2005-377.html	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:00:37.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenPKG-SA-2004.011",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
          },
          {
            "name": "FLSA:2155",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
          },
          {
            "name": "oval:org.mitre.oval:def:11722",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
          },
          {
            "name": "10066",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10066"
          },
          {
            "name": "sharutils-shar-bo(15759)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
          },
          {
            "name": "20040406 GNU Sharutils buffer overflow vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/359639"
          },
          {
            "name": "RHSA-2005:377",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "OpenPKG-SA-2004.011",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
        },
        {
          "name": "FLSA:2155",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
        },
        {
          "name": "oval:org.mitre.oval:def:11722",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
        },
        {
          "name": "10066",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10066"
        },
        {
          "name": "sharutils-shar-bo(15759)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
        },
        {
          "name": "20040406 GNU Sharutils buffer overflow vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/359639"
        },
        {
          "name": "RHSA-2005:377",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1772",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "OpenPKG-SA-2004.011",
              "refsource": "OPENPKG",
              "url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
            },
            {
              "name": "FLSA:2155",
              "refsource": "FEDORA",
              "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
            },
            {
              "name": "oval:org.mitre.oval:def:11722",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
            },
            {
              "name": "10066",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10066"
            },
            {
              "name": "sharutils-shar-bo(15759)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
            },
            {
              "name": "20040406 GNU Sharutils buffer overflow vulnerability.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/359639"
            },
            {
              "name": "RHSA-2005:377",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1772",
    "datePublished": "2005-03-28T05:00:00",
    "dateReserved": "2005-03-29T00:00:00",
    "dateUpdated": "2024-08-08T01:00:37.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0178 (GCVE-0-2002-0178)

Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:42

Summary

uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA…	vendor-advisoryx_refsource_CALDERA
	http://www.securityfocus.com/bid/4742	vdb-entryx_refsource_BID
	http://marc.info/?l=bugtraq&m=103599320902432&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.linux-mandrake.com/en/security/2002/MD…	vendor-advisoryx_refsource_MANDRAKE
	http://www.redhat.com/support/errata/RHSA-2003-180.html	vendor-advisoryx_refsource_REDHAT
	http://www.kb.cert.org/vuls/id/336083	third-party-advisoryx_refsource_CERT-VN
	http://www.osvdb.org/8274	vdb-entryx_refsource_OSVDB
	http://www.aerasec.de/security/index.html?id=ae-2…	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2002-065.html	vendor-advisoryx_refsource_REDHAT
	http://www.iss.net/security_center/static/9075.php	vdb-entryx_refsource_XF
	http://online.securityfocus.com/advisories/4132	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:42:27.761Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CSSA-2002-040.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
          },
          {
            "name": "4742",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4742"
          },
          {
            "name": "20021030 GLSA: sharutils",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
          },
          {
            "name": "MDKSA-2002:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
          },
          {
            "name": "RHSA-2003:180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
          },
          {
            "name": "VU#336083",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/336083"
          },
          {
            "name": "8274",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/8274"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
          },
          {
            "name": "RHSA-2002:065",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
          },
          {
            "name": "sharutils-uudecode-symlink(9075)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9075.php"
          },
          {
            "name": "HPSBTL0205-040",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/4132"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-20T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CSSA-2002-040.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
        },
        {
          "name": "4742",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4742"
        },
        {
          "name": "20021030 GLSA: sharutils",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
        },
        {
          "name": "MDKSA-2002:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
        },
        {
          "name": "RHSA-2003:180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
        },
        {
          "name": "VU#336083",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/336083"
        },
        {
          "name": "8274",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/8274"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
        },
        {
          "name": "RHSA-2002:065",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
        },
        {
          "name": "sharutils-uudecode-symlink(9075)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9075.php"
        },
        {
          "name": "HPSBTL0205-040",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/4132"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0178",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CSSA-2002-040.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
            },
            {
              "name": "4742",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4742"
            },
            {
              "name": "20021030 GLSA: sharutils",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
            },
            {
              "name": "MDKSA-2002:052",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
            },
            {
              "name": "RHSA-2003:180",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
            },
            {
              "name": "VU#336083",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/336083"
            },
            {
              "name": "8274",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/8274"
            },
            {
              "name": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en",
              "refsource": "MISC",
              "url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
            },
            {
              "name": "RHSA-2002:065",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
            },
            {
              "name": "sharutils-uudecode-symlink(9075)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9075.php"
            },
            {
              "name": "HPSBTL0205-040",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/4132"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0178",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-04-17T00:00:00",
    "dateUpdated": "2024-08-08T02:42:27.761Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000097 (GCVE-0-2018-1000097)

Vulnerability from cvelistv5 – Published: 2018-03-13 01:00 – Updated: 2024-08-05 12:33

Summary

Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://usn.ubuntu.com/3605-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4167	vendor-advisoryx_refsource_DEBIAN
	http://seclists.org/bugtraq/2018/Feb/54	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3605-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3605-1/"
          },
          {
            "name": "DSA-4167",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4167"
          },
          {
            "name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2018/Feb/54"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-02-21T00:00:00",
      "datePublic": "2018-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-06T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3605-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3605-1/"
        },
        {
          "name": "DSA-4167",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4167"
        },
        {
          "name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2018/Feb/54"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2/21/2018 8:54:32",
          "ID": "CVE-2018-1000097",
          "REQUESTER": "nafiez.skins@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3605-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3605-1/"
            },
            {
              "name": "DSA-4167",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4167"
            },
            {
              "name": "20180221 Sharutils 4.15.2 Heap-Buffer-Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2018/Feb/54"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000097",
    "datePublished": "2018-03-13T01:00:00",
    "dateReserved": "2018-03-12T00:00:00",
    "dateUpdated": "2024-08-05T12:33:49.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0990 (GCVE-0-2005-0990)

Vulnerability from cvelistv5 – Published: 2005-04-06 04:00 – Updated: 2024-08-07 21:35

Summary

unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://bugzilla.ubuntu.com/show_bug.cgi?id=8459	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/12981	vdb-entryx_refsource_BID
	https://usn.ubuntu.com/104-1/	vendor-advisoryx_refsource_UBUNTU
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2005-377.html	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:35:59.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:9613",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
          },
          {
            "name": "sharutils-temp-file-symlink(19957)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
          },
          {
            "name": "12981",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12981"
          },
          {
            "name": "USN-104-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/104-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
          },
          {
            "name": "RHSA-2005:377",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:9613",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
        },
        {
          "name": "sharutils-temp-file-symlink(19957)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
        },
        {
          "name": "12981",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12981"
        },
        {
          "name": "USN-104-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/104-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
        },
        {
          "name": "RHSA-2005:377",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:9613",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613"
            },
            {
              "name": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459",
              "refsource": "MISC",
              "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459"
            },
            {
              "name": "sharutils-temp-file-symlink(19957)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957"
            },
            {
              "name": "12981",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12981"
            },
            {
              "name": "USN-104-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/104-1/"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412",
              "refsource": "MISC",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412"
            },
            {
              "name": "RHSA-2005:377",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0990",
    "datePublished": "2005-04-06T04:00:00",
    "dateReserved": "2005-04-06T00:00:00",
    "dateUpdated": "2024-08-07T21:35:59.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1773 (GCVE-0-2004-1773)

Vulnerability from cvelistv5 – Published: 2005-03-28 05:00 – Updated: 2024-08-08 01:00

Summary

Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://bugzilla.fedora.us/show_bug.cgi?id=2155	vendor-advisoryx_refsource_FEDORA
	http://security.gentoo.org/glsa/glsa-200410-01.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/11298	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2005-377.html	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:00:37.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FLSA:2155",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
          },
          {
            "name": "GLSA-200410-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
          },
          {
            "name": "11298",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11298"
          },
          {
            "name": "oval:org.mitre.oval:def:11093",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
          },
          {
            "name": "RHSA-2005:377",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FLSA:2155",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
        },
        {
          "name": "GLSA-200410-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
        },
        {
          "name": "11298",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11298"
        },
        {
          "name": "oval:org.mitre.oval:def:11093",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
        },
        {
          "name": "RHSA-2005:377",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1773",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FLSA:2155",
              "refsource": "FEDORA",
              "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
            },
            {
              "name": "GLSA-200410-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200410-01.xml"
            },
            {
              "name": "11298",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11298"
            },
            {
              "name": "oval:org.mitre.oval:def:11093",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093"
            },
            {
              "name": "RHSA-2005:377",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1773",
    "datePublished": "2005-03-28T05:00:00",
    "dateReserved": "2005-03-29T00:00:00",
    "dateUpdated": "2024-08-08T01:00:37.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1772 (GCVE-0-2004-1772)

Vulnerability from cvelistv5 – Published: 2005-03-28 05:00 – Updated: 2024-08-08 01:00

Summary

Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://marc.info/?l=bugtraq&m=108137386310299&w=2	vendor-advisoryx_refsource_OPENPKG
	https://bugzilla.fedora.us/show_bug.cgi?id=2155	vendor-advisoryx_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/10066	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/359639	mailing-listx_refsource_BUGTRAQ
	http://www.redhat.com/support/errata/RHSA-2005-377.html	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:00:37.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenPKG-SA-2004.011",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
          },
          {
            "name": "FLSA:2155",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
          },
          {
            "name": "oval:org.mitre.oval:def:11722",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
          },
          {
            "name": "10066",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10066"
          },
          {
            "name": "sharutils-shar-bo(15759)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
          },
          {
            "name": "20040406 GNU Sharutils buffer overflow vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/359639"
          },
          {
            "name": "RHSA-2005:377",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "OpenPKG-SA-2004.011",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
        },
        {
          "name": "FLSA:2155",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
        },
        {
          "name": "oval:org.mitre.oval:def:11722",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
        },
        {
          "name": "10066",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10066"
        },
        {
          "name": "sharutils-shar-bo(15759)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
        },
        {
          "name": "20040406 GNU Sharutils buffer overflow vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/359639"
        },
        {
          "name": "RHSA-2005:377",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1772",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "OpenPKG-SA-2004.011",
              "refsource": "OPENPKG",
              "url": "http://marc.info/?l=bugtraq\u0026m=108137386310299\u0026w=2"
            },
            {
              "name": "FLSA:2155",
              "refsource": "FEDORA",
              "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155"
            },
            {
              "name": "oval:org.mitre.oval:def:11722",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722"
            },
            {
              "name": "10066",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10066"
            },
            {
              "name": "sharutils-shar-bo(15759)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759"
            },
            {
              "name": "20040406 GNU Sharutils buffer overflow vulnerability.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/359639"
            },
            {
              "name": "RHSA-2005:377",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1772",
    "datePublished": "2005-03-28T05:00:00",
    "dateReserved": "2005-03-29T00:00:00",
    "dateUpdated": "2024-08-08T01:00:37.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0178 (GCVE-0-2002-0178)

Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:42

Summary

uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA…	vendor-advisoryx_refsource_CALDERA
	http://www.securityfocus.com/bid/4742	vdb-entryx_refsource_BID
	http://marc.info/?l=bugtraq&m=103599320902432&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.linux-mandrake.com/en/security/2002/MD…	vendor-advisoryx_refsource_MANDRAKE
	http://www.redhat.com/support/errata/RHSA-2003-180.html	vendor-advisoryx_refsource_REDHAT
	http://www.kb.cert.org/vuls/id/336083	third-party-advisoryx_refsource_CERT-VN
	http://www.osvdb.org/8274	vdb-entryx_refsource_OSVDB
	http://www.aerasec.de/security/index.html?id=ae-2…	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2002-065.html	vendor-advisoryx_refsource_REDHAT
	http://www.iss.net/security_center/static/9075.php	vdb-entryx_refsource_XF
	http://online.securityfocus.com/advisories/4132	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:42:27.761Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CSSA-2002-040.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
          },
          {
            "name": "4742",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4742"
          },
          {
            "name": "20021030 GLSA: sharutils",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
          },
          {
            "name": "MDKSA-2002:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
          },
          {
            "name": "RHSA-2003:180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
          },
          {
            "name": "VU#336083",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/336083"
          },
          {
            "name": "8274",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/8274"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
          },
          {
            "name": "RHSA-2002:065",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
          },
          {
            "name": "sharutils-uudecode-symlink(9075)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9075.php"
          },
          {
            "name": "HPSBTL0205-040",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/4132"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-20T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CSSA-2002-040.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
        },
        {
          "name": "4742",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4742"
        },
        {
          "name": "20021030 GLSA: sharutils",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
        },
        {
          "name": "MDKSA-2002:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
        },
        {
          "name": "RHSA-2003:180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
        },
        {
          "name": "VU#336083",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/336083"
        },
        {
          "name": "8274",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/8274"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
        },
        {
          "name": "RHSA-2002:065",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
        },
        {
          "name": "sharutils-uudecode-symlink(9075)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9075.php"
        },
        {
          "name": "HPSBTL0205-040",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/4132"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0178",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CSSA-2002-040.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt"
            },
            {
              "name": "4742",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4742"
            },
            {
              "name": "20021030 GLSA: sharutils",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103599320902432\u0026w=2"
            },
            {
              "name": "MDKSA-2002:052",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php"
            },
            {
              "name": "RHSA-2003:180",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-180.html"
            },
            {
              "name": "VU#336083",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/336083"
            },
            {
              "name": "8274",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/8274"
            },
            {
              "name": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en",
              "refsource": "MISC",
              "url": "http://www.aerasec.de/security/index.html?id=ae-200204-033\u0026lang=en"
            },
            {
              "name": "RHSA-2002:065",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-065.html"
            },
            {
              "name": "sharutils-uudecode-symlink(9075)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9075.php"
            },
            {
              "name": "HPSBTL0205-040",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/4132"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0178",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-04-17T00:00:00",
    "dateUpdated": "2024-08-08T02:42:27.761Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

10 vulnerabilities found for sharutils by gnu

CVE-2018-1000097 (GCVE-0-2018-1000097)

CVE-2005-0990 (GCVE-0-2005-0990)

CVE-2004-1773 (GCVE-0-2004-1773)

CVE-2004-1772 (GCVE-0-2004-1772)

CVE-2002-0178 (GCVE-0-2002-0178)

CVE-2018-1000097 (GCVE-0-2018-1000097)

CVE-2005-0990 (GCVE-0-2005-0990)

CVE-2004-1773 (GCVE-0-2004-1773)

CVE-2004-1772 (GCVE-0-2004-1772)

CVE-2002-0178 (GCVE-0-2002-0178)