Red Hat Bugzilla – Bug 123230
Buffer overflow in handling of -o option
Last modified: 2007-11-30 17:10:42 EST
Shaun Colley discovered a buffer overflow in sharutils <= 2.5.5 when
using the -o option.
See http://www.spinics.net/lists/bugtraq/msg11869.html and
http://www.spinics.net/lists/bugtraq/msg11898.html for details.
Oops. That must be sharutils <= 4.2.1. Must have gotten 2.5.5. from
another package that I was looking at earlier.
Created attachment 100229 [details]
Option -o patch
Patch taken from SuSE 9.0 sharutils-4.2c-718.src.rpm. Modified header so it
patches using -p1 instead of -p0.
Note that the patch in the original announcement
(http://www.spinics.net/lists/bugtraq/msg11869.html) is incorrect (see
Downgrading severity; buffer overflow in non setuid/gid program.
I am not aware of the criteria you use for this. Are these described
somewhere? They seem to be different from the explanation of
"Severity" in the bugzilla form help.
I must say that if this can be (remotely) exploited to gain a shell it
might be used as a stepping stone to exploit an unplugged local root
exploit. It should be fixed asap.
it's now fixed in sharutils-4_2_1-19, which will be showed up in
What kind of version is that, 4_2_1? Are the underscores here to stay?
With rawhide you also mean FC1 testing? Or are you just releasing it