Описание
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2002-0178
- http://marc.info/?l=bugtraq&m=103599320902432&w=2
- http://online.securityfocus.com/advisories/4132
- http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
- http://www.iss.net/security_center/static/9075.php
- http://www.kb.cert.org/vuls/id/336083
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php
- http://www.osvdb.org/8274
- http://www.redhat.com/support/errata/RHSA-2002-065.html
- http://www.redhat.com/support/errata/RHSA-2003-180.html
- http://www.securityfocus.com/bid/4742
EPSS
CVE ID
Связанные уязвимости
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
Уязвимость операционной системы Red Hat Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS