SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#336083

Uudecode performs inadequate checks on user-specified output files

Overview

The uudecode utility contains a vulnerability that allows an attacker to overwrite arbitrary files, symbolic links, and named pipes.

I. Description

The uudecode utility is used to decode files that have been encoded in the 7-bit printable format generated by uuencode. This format allows for the specification of a desired output file name, which may also contain an absolute or relative path. Some implementations of uudecode fail to check the specified file name or its type before writing, so it is possible for uudecode to overwrite existing files, including regular files, symbolic links, and named pipes.

If an attacker can convince a user to invoke uudecode on a malicious file without reviewing the included file name, the attacker can cause the user to overwrite any file accessible by the user. If the victim user has root privileges, the attacker can exploit this vulnerability to overwrite arbitrary files. With respect to symbolic links and named pipes, attackers who exploit this vulnerability can alter the normal operation of system scripts and running processes, significantly increasing the risk of system compromise.

This vulnerability was first discovered in the uudecode implementation included with the GNU Sharutils package, but may be present in other implementations as well. For more information on GNU Sharutils, please see http://www.gnu.org/directory/sharutils.html.

II. Impact

Attackers can convince users to overwrite arbitrary files, symbolic links, and named pipes. This ability can be leveraged to gather information, destroy system and user data, and gain control of vulnerable hosts.

III. Solution

Apply a patch from your vendor


Please see the vendor section of this document for information on obtaining patches.

Systems Affected

VendorStatusDate Updated
Apple Computer Inc.Unknown16-Jul-2002
BSDIUnknown16-Jul-2002
Compaq Computer CorporationUnknown16-Jul-2002
Cray Inc.Vulnerable19-Aug-2002
Data GeneralUnknown16-Jul-2002
DebianVulnerable19-Aug-2002
FreeBSDUnknown16-Jul-2002
FujitsuNot Vulnerable19-Aug-2002
Gentoo LinuxVulnerable13-Dec-2002
GNU SharutilsVulnerable15-Jul-2002
Guardian Digital Inc. Unknown16-Jul-2002
Hewlett-Packard CompanyVulnerable13-Dec-2002
IBMUnknown16-Jul-2002
Internet Security Systems Inc.Vulnerable19-Aug-2002
MandrakeSoftVulnerable19-Aug-2002
NEC CorporationUnknown16-Jul-2002
NetBSDUnknown16-Jul-2002
OpenBSDUnknown16-Jul-2002
Red Hat Inc.Vulnerable16-Jul-2002
SequentUnknown16-Jul-2002
SGIUnknown16-Jul-2002
Sony CorporationUnknown16-Jul-2002
Sun Microsystems Inc.Vulnerable19-Aug-2002
SuSE Inc.Unknown22-Jul-2002
The SCO Group (SCO Linux)Vulnerable13-Dec-2002
The SCO Group (SCO UnixWare)Vulnerable13-Dec-2002
UnisysUnknown16-Jul-2002
Wind River Systems Inc.Unknown16-Jul-2002

References


http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
http://www.gnu.org/directory/sharutils.html
http://www.securityfocus.com/bid/4742

Credit

This vulnerability was discovered by AERAsec.

This document was written by Jeffrey P. Lanza.

Other Information

Date Public04/16/2002
Date First Published07/15/2002 01:36:51 PM
Date Last Updated12/13/2002
CERT Advisory 
CVE NameCAN-2002-0178
US-CERT Technical Alerts 
Metric9.41
Document Revision28

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2002 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader