GNU SharUtils UUDecode Symbolic Link Attack Vulnerability

Solution:
Hewlett-Packard Company recommends that customers who have installed sharutils download the RPMs listed in the following Red Hat Security Advisory:

2002-05-14 RHSA-2002:065 Updated sharutils package fixes uudecode issue.

SCO has released a security update. OpenLinux, OpenUnix, and UnixWare fixes are available.

Gentoo Linux has released a security advisory. It is recommended that all Gentoo Linux users who are running sys-apps/sharutils-4.2.1-r5 and earlier update their systems as follows:

emerge rsync
emerge sharutils
emerge clean

Red Hat has released an advisory (RHSA-2003:180-05). Fixes are available for Red Hat Enterprise Linux AS (v. 2.1) and can be obtained from the Red Hat Network http://rhn.redhat.com/.

SCO has released advisory SCOSA-2004.12 and fixes addressing this issue for OpenServer 5.0.6 and 5.0.7. Please see the referenced advisory for further information.

Avaya has announced that Intuity R5.1.46 is affected and that fixes are pending. Please see the following advisory for further details:

http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=198481&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

Fixes available:


Caldera OpenLinux Server 3.1

Caldera OpenLinux Workstation 3.1

Caldera OpenLinux Server 3.1.1

Caldera OpenLinux Workstation 3.1.1

Compaq Tru64 4.0 g PK3 (BL17)

Compaq Tru64 4.0 f PK7 (BL18)

GNU sharutils 4.2

Compaq Tru64 5.0 a PK3 (BL17)

Compaq Tru64 5.1 PK5 (BL19)

Compaq Tru64 5.1 a PK3 (BL3)


 

Copyright 2010, SecurityFocus