Vulnerability Note VU#336083

Uudecode performs inadequate checks on user-specified output files

Original Release date: 15 Jul 2002 | Last revised: 13 Dec 2002

Overview

The uudecode utility contains a vulnerability that allows an attacker to overwrite arbitrary files, symbolic links, and named pipes.

Description

The uudecode utility is used to decode files that have been encoded in the 7-bit printable format generated by uuencode. This format allows for the specification of a desired output file name, which may also contain an absolute or relative path. Some implementations of uudecode fail to check the specified file name or its type before writing, so it is possible for uudecode to overwrite existing files, including regular files, symbolic links, and named pipes.

If an attacker can convince a user to invoke uudecode on a malicious file without reviewing the included file name, the attacker can cause the user to overwrite any file accessible by the user. If the victim user has root privileges, the attacker can exploit this vulnerability to overwrite arbitrary files. With respect to symbolic links and named pipes, attackers who exploit this vulnerability can alter the normal operation of system scripts and running processes, significantly increasing the risk of system compromise.

This vulnerability was first discovered in the uudecode implementation included with the GNU Sharutils package, but may be present in other implementations as well. For more information on GNU Sharutils, please see http://www.gnu.org/directory/sharutils.html.

Impact

Attackers can convince users to overwrite arbitrary files, symbolic links, and named pipes. This ability can be leveraged to gather information, destroy system and user data, and gain control of vulnerable hosts.

Solution

Apply a patch from your vendor

Please see the vendor section of this document for information on obtaining patches.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Cray Inc.Affected15 Jul 200219 Aug 2002
DebianAffected15 Jul 200219 Aug 2002
Gentoo LinuxAffected30 Oct 200213 Dec 2002
GNU SharutilsAffected-15 Jul 2002
Hewlett-Packard CompanyAffected15 Jul 200213 Dec 2002
Internet Security Systems Inc.Affected19 Aug 200219 Aug 2002
MandrakeSoftAffected15 Jul 200219 Aug 2002
Red Hat Inc.Affected16 Apr 200216 Jul 2002
Sun Microsystems Inc.Affected15 Jul 200219 Aug 2002
The SCO Group (SCO Linux)Affected15 Jul 200213 Dec 2002
The SCO Group (SCO UnixWare)Affected15 Jul 200213 Dec 2002
FujitsuNot Affected15 Jul 200219 Aug 2002
Apple Computer Inc.Unknown15 Jul 200216 Jul 2002
BSDIUnknown15 Jul 200216 Jul 2002
Compaq Computer CorporationUnknown15 Jul 200216 Jul 2002
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered by AERAsec.

This document was written by Jeffrey P. Lanza.

Other Information

  • CVE IDs: CAN-2002-0178
  • Date Public: 16 Apr 2002
  • Date First Published: 15 Jul 2002
  • Date Last Updated: 13 Dec 2002
  • Severity Metric: 9.41
  • Document Revision: 28

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.