uudecode bug (?)
From: Santiago Vila
Subject: uudecode bug (?)
Date: Mon, 10 Jun 2002 13:41:17 +0200 (CEST)
severity 149454 wishlist
thanks

Hello. I've received the following (surprising) bug report:

http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-037

which says:

  The uudecode utility would create an output file without checking to
  see if it was about to write to a symlink or a pipe. If a user uses
  uudecode to extract data into open shared directories, such as /tmp,
  this vulnerability could be used by a local attacker to overwrite
  files or lead to privilege escalation. Fixed packages are available
  now.

Well, this is Unix, and the user is supposed to know what he/she is doing.
Not checking for a symlink or a pipe does not make uudecode more
dangerous than it is *already*. A uuencoded .profile is already
dangerous enough, for example.

Moreover, uudecode(1) says:

  STANDARDS
  This implementation is compliant with P1003.2b/D11.

Does someone know whether the proposed change is compatible with
this standard?
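
For reference, the check the quoted advisory describes (refusing to write through a symlink or into a pipe) can be done without a race by opening first and inspecting the descriptor afterwards. This is an added example, not part of the message above and not the change shipped in any fixed package; `open_output_safely` is a hypothetical helper name.

```c
/* Added example: open_output_safely() is a hypothetical helper, not uudecode code. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns a write-only fd for a regular file at path, or -1 with errno set. */
int open_output_safely(const char *path, mode_t mode)
{
    /* O_NOFOLLOW: fail (ELOOP) if the last path component is a symlink.
     * O_NONBLOCK: do not hang on a FIFO with no reader (fails with ENXIO).
     * No O_TRUNC: nothing is modified until the file type has been checked. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK, mode);
    if (fd < 0)
        return -1;

    /* fstat() inspects the object actually opened, so there is no window
     * between check and use as there would be with lstat() then open(). */
    struct stat st;
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {          /* FIFO, device, socket, ... */
        close(fd);
        errno = EINVAL;
        return -1;
    }
    if (ftruncate(fd, 0) != 0) {         /* now safe to discard old contents */
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s OUTPUT\n", argv[0]); return 2; }
    int fd = open_output_safely(argv[1], 0644);
    if (fd < 0) { perror(argv[1]); return 1; }
    return close(fd) != 0;
}
```

O_NOFOLLOW only covers the final path component; a symlink in a parent directory is still followed.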