uudecode bug (?)

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

uudecode bug (?)

From:	Santiago Vila
Subject:	uudecode bug (?)
Date:	Mon, 10 Jun 2002 13:41:17 +0200 (CEST)

severity 149454 wishlist
thanks

Hello. I've received the following (surprising) bug report:

http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-037

which says:

   The uudecode utility would create an output file without checking to
   see if it was about to write to a symlink or a pipe. If a user uses
   uudecode to extract data into open shared directories, such as /tmp,
   this vulnerability could be used by a local attacker to overwrite
   files or lead to privilege escalation. Fixed packages are available
   now.


Well, this is Unix, and the user is supposed to know what he/she is doing.
Not checking for a symlink or a pipe does not make uudecode more
dangerous than it is *already*. A uuencoded .profile is already
dangerous enough, for example.

Moreover, uudecode(1) says:

STANDARDS
       This implementation is compliant with P1003.2b/D11.

Does someone knows whether the proposed change is compatible with
this standard?

[Prev in Thread]

Current Thread

[Next in Thread]

uudecode bug (?), Santiago Vila <=
- Re: uudecode bug (?), martin f krafft, 2002/06/10
  - Re: Bug#149454: uudecode bug (?), Santiago Vila, 2002/06/10
    - Re: Bug#149454: uudecode bug (?), Dr. Peter Bieringer, 2002/06/10
  - Re: uudecode bug (?), Colin Watson, 2002/06/10
    - Re: uudecode bug (?), martin f krafft, 2002/06/10
- Re: uudecode bug (?), Andrew D Jewell, 2002/06/10
  - Re: uudecode bug (?), Paul Jarc, 2002/06/10
- Re: uudecode bug (?), Paul Eggert, 2002/06/10

Prev by Date: TINTAS PARA IMPRESORAS
Next by Date: Re: uudecode bug (?)
Previous by thread: TINTAS PARA IMPRESORAS
Next by thread: Re: uudecode bug (?)
Index(es):
- Date
- Thread