Vulnerability Note VU#336083
Uudecode performs inadequate checks on user-specified output files
The uudecode utility contains a vulnerability that allows an attacker to overwrite arbitrary files, symbolic links, and named pipes.
The uudecode utility is used to decode files that have been encoded in the 7-bit printable format generated by uuencode. This format allows for the specification of a desired output file name, which may also contain an absolute or relative path. Some implementations of uudecode fail to check the specified file name or its type before writing, so it is possible for uudecode to overwrite existing files, including regular files, symbolic links, and named pipes.
If an attacker can convince a user to invoke uudecode on a malicious file without reviewing the included file name, the attacker can cause the user to overwrite any file accessible by the user. If the victim user has root privileges, the attacker can exploit this vulnerability to overwrite arbitrary files. With respect to symbolic links and named pipes, attackers who exploit this vulnerability can alter the normal operation of system scripts and running processes, significantly increasing the risk of system compromise.
Attackers can convince users to overwrite arbitrary files, symbolic links, and named pipes. This ability can be leveraged to gather information, destroy system and user data, and gain control of vulnerable hosts.
Apply a patch from your vendor
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cray Inc.||Affected||15 Jul 2002||19 Aug 2002|
|Debian||Affected||15 Jul 2002||19 Aug 2002|
|Gentoo Linux||Affected||30 Oct 2002||13 Dec 2002|
|GNU Sharutils||Affected||-||15 Jul 2002|
|Hewlett-Packard Company||Affected||15 Jul 2002||13 Dec 2002|
|Internet Security Systems Inc.||Affected||19 Aug 2002||19 Aug 2002|
|MandrakeSoft||Affected||15 Jul 2002||19 Aug 2002|
|Red Hat Inc.||Affected||16 Apr 2002||16 Jul 2002|
|Sun Microsystems Inc.||Affected||15 Jul 2002||19 Aug 2002|
|The SCO Group (SCO Linux)||Affected||15 Jul 2002||13 Dec 2002|
|The SCO Group (SCO UnixWare)||Affected||15 Jul 2002||13 Dec 2002|
|Fujitsu||Not Affected||15 Jul 2002||19 Aug 2002|
|Apple Computer Inc.||Unknown||15 Jul 2002||16 Jul 2002|
|BSDI||Unknown||15 Jul 2002||16 Jul 2002|
|Compaq Computer Corporation||Unknown||15 Jul 2002||16 Jul 2002|
CVSS Metrics (Learn More)
This vulnerability was discovered by AERAsec.
This document was written by Jeffrey P. Lanza.
- CVE IDs: CAN-2002-0178
- Date Public: 16 Apr 2002
- Date First Published: 15 Jul 2002
- Date Last Updated: 13 Dec 2002
- Severity Metric: 9.41
- Document Revision: 28
If you have feedback, comments, or additional information about this vulnerability, please send us email.