GNU SharUtils UUDecode Symbolic Link Attack Vulnerability

Sharutils is a freely available, open source suite of tools maintained by the GNU. It is designed for use on Unix and Linux operating systems.

Prior to decoding a uuencoded file, uudecode does not check for the existence of the file to be created from the decoded archive. As a result, a decoded file may overwrite another file in the temporary directory, provided the user of uudecode has write permission to the file.


 

Privacy Statement
Copyright 2010, SecurityFocus