LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Sharutils potential privilege escalation using uudecode

Package(s):sharutils CVE #(s):CAN-2002-0178
Created:May 21, 2002 Updated:October 31, 2002
Description: According to the CVE entry, "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands." (First LWN report: May 16).
Alerts:
Gentoo 200210-012 2002-10-30
SCO Group CSSA-2002-040.0 2002-10-28
Mandrake MDKSA-2002:052 2002-08-14
Yellow Dog YDU-20020522-4 2002-05-22
Red Hat RHSA-2002:065-13 2002-05-14
Eridani ERISA-2002:014 2002-05-16
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds