RedHat sharutils package uudecode flaw allows elevated privileges
Risk: Medium
Date Discovered: 05-14-2002
Description
The uudecode utility included with the Red Hat Linux sharutils package creates files in an insecure fashion that could lead to files being overwritten or exploited to elevate local user privileges.
The sharutils package provides utilities to encode and decode files to and from various formats. The uuencode utility converts binary files to ASCII (text) format, which can be sent safely through email. The uudecode utility converts these files back to their binary format.
The Red Hat sharutils flaw occurs because uudecode creates its output file without first checking whether the output name already refers to a symbolic link (a file pointer that links to another file) or a pipe (a technique for passing information from one process to another). If the output file is created in a shared directory open to all local users (for example, /tmp), a local attacker could exploit this vulnerability to overwrite existing files or elevate user privileges. Depending on the permissions of the program using uudecode, the attack could, potentially, result in root access.
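The following is an added example, not code from sharutils or from the Red Hat patch: it contrasts the unchecked output-creation pattern described above with a hardened open that refuses a pre-existing symbolic link or pipe, and exercises both in a constructed scratch directory under /tmp.

```c
#define _GNU_SOURCE            /* O_NOFOLLOW, mkdtemp on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pre-patch pattern: fopen(path, "w") follows a link or opens a FIFO left under the output name. */
FILE *unsafe_open_output(const char *path) { return fopen(path, "w"); }

/* Hardened pattern (illustrative, not the sharutils patch itself): lstat() examines the
 * name without following it and refuses anything that is not a regular file; O_NOFOLLOW
 * makes the kernel reject a link raced in after the check; fstat() confirms what was opened. */
int safe_open_output(const char *path) {
    struct stat st; int fd;
    if (lstat(path, &st) == 0 && !S_ISREG(st.st_mode))
        return -1;                              /* symlink, FIFO, device, directory */
    fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd == -1) return -1;                    /* ELOOP when the name is a link */
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Exercise both opens in a private, constructed scratch directory; returns the number
 * of failed expectations, so 0 means the hardened open refused the link and the pipe. */
int run_demo(void) {
    char dir[] = "/tmp/uudecode-demo-XXXXXX";
    char victim[300], link[300], fifo[300], plain[300];
    struct stat st; int failures = 0, fd;
    if (!mkdtemp(dir)) return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/out.link", dir);
    snprintf(fifo, sizeof fifo, "%s/out.fifo", dir);
    snprintf(plain, sizeof plain, "%s/out.txt", dir);
    fd = open(victim, O_WRONLY | O_CREAT, 0644);          /* file the link points at */
    if (fd != -1) { if (write(fd, "secret", 6) != 6) failures++; close(fd); }
    symlink(victim, link);
    mkfifo(fifo, 0644);
    if (safe_open_output(link) != -1) failures++;         /* must refuse the link */
    if (safe_open_output(fifo) != -1) failures++;         /* must refuse the pipe */
    if ((fd = safe_open_output(plain)) == -1) failures++; else close(fd);
    if (stat(victim, &st) != 0 || st.st_size != 6) failures++;  /* victim untouched */
    FILE *f = unsafe_open_output(link);                   /* old pattern truncates it */
    if (f) fclose(f);
    if (stat(victim, &st) != 0 || st.st_size != 0) failures++;
    unlink(link); unlink(fifo); unlink(plain); unlink(victim); rmdir(dir);
    return failures;
}
```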
Platforms Affected
Linux
Components Affected
Red Hat Software, Inc.:
6.2 alpha
6.2 sparc
6.2 i386
7.0 alpha
7.0 i386
7.1 alpha
7.1 i386
7.1 ia64
7.2 i386
7.2 ia64
Recommendations
Red Hat sharutils patch
Install the appropriate version and platform RPM of the Red Hat sharutils update package, which contains a version of uudecode patched to check for an existing symbolic link or pipe.
Before applying this update, ensure that all previously released updates relevant to your system have been applied. To update all RPMs for your particular version, run the following command:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you want to update. Only currently installed RPMs in the list will be updated. You can also use wildcards (*.rpm) if your current directory contains only the desired RPMs.
The sharutils update is available also on the Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
The up2date command starts an interactive process to upgrade appropriate RPMs on your system.
References
Source: CVE CAN-2002-0178
URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0178
Source: Red Hat RHSA-2002-065
URL: http://rhn.redhat.com/errata/RHSA-2002-065.html
Source: Security Focus.com
URL: http://online.securityfocus.com/advisories/4120
Copyright (c) 2009 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.
Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.