sharutils: Buffer overflows in shar.c and unshar.c

sharutils contains two buffer overflow vulnerabilities that could lead to arbitrary code execution.

Product: sharutils
Announced: 2004-10-01
Revised: 2006-05-22
Bug: 65773
Access: remote
Unaffected: 4.2.1-r10
Vulnerable: 4.2.1-r9

sharutils contains utilities to manage shell archives.

sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow in unshar.c.
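
The advisory does not show the affected code. The C example below is added here for illustration and is not sharutils code: it reads one field of a helper command's output (such as a count printed by wc) into a fixed buffer with the length enforced. The names read_count_field, check_sample and COUNT_FIELD_MAX are hypothetical, and a temporary file with constructed text stands in for the pipe.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define COUNT_FIELD_MAX 32   /* assumed size; a decimal count fits easily */

/* Unsafe pattern (shown only as a comment): no width limit, so the
 * helper's output decides how many bytes land in the fixed buffer.
 *     char field[COUNT_FIELD_MAX];
 *     fscanf(fp, "%s", field);
 */

/* Read one whitespace-delimited token from fp into out (outsz bytes).
 * Returns 0 on success, -1 if no token was read, -2 if the token did
 * not fit; an oversized token is rejected, not silently truncated. */
int read_count_field(FILE *fp, char *out, size_t outsz)
{
    size_t n = 0;
    int c;

    if (fp == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    while ((c = fgetc(fp)) != EOF && isspace(c))
        ;                                    /* skip leading whitespace */
    for (; c != EOF && !isspace(c); c = fgetc(fp)) {
        if (n + 1 >= outsz) {                /* keep room for the NUL */
            out[0] = '\0';
            return -2;
        }
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return n > 0 ? 0 : -1;
}

/* Constructed input: write text to a temporary stream in place of a pipe. */
int check_sample(const char *text, char *out, size_t outsz)
{
    FILE *fp = tmpfile();
    int rc;

    if (fp == NULL)
        return -1;
    fputs(text, fp);
    rewind(fp);
    rc = read_count_field(fp, out, outsz);
    fclose(fp);
    return rc;
}
```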

An attacker could exploit these vulnerabilities to execute arbitrary code as the user running one of the sharutils programs.

There is no known workaround at this time.

All sharutils users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-arch/sharutils-4.2.1-r10"
    # emerge ">=app-arch/sharutils-4.2.1-r10"

References:
Debian Bug #265904
CVE-2004-1773

jaervosz