[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3D33679B.3050707@bokeoa.com>
From: core at bokeoa.com (Charles 'core' Stevenson)
Subject: Sharutils buggy?
Well you could check out some e-mail programs etc... Imagine that an
attacker sends e-mail to root@...e.host with a uuencoded attachment. The
attacker has local access to the machine and knows that root's e-mail
program calls system("uudecode %s",file) would allow the attacker to
setup the uuencode file in such a fashion as to make this work...
whether such a case exists is pure speculation. But out of boredom I've
attached a theorhetical exploit.
peace,
core
martin f krafft wrote:
> I'd like to get some educated thoughts and opinions on a recently found
> potential bug:
>
> http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-037
> http://online.securityfocus.com/bid/4742
> http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-049
> http://www.aerasec.de/security/index.html?lang=en&id=ae-200204-033
> http://bugs.debian.org/149454
> http://www.kb.cert.org/vuls/id/336083
>
> cheers,
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: uudecode.sh
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020715/631943bf/uudecode.ksh
Powered by blists - more mailing lists