Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to
execute arbitrary code via a long -o command line argument.
To test this:
shar -o `perl -e 'print "A"x2000'`
A patch is located here:
This issue also affects RHEL2.1.
It's fixed in sharutils-4.2.1-8.8.x (rhel-2) and sharutils-4.2.1-16.1 (rhel3).
sharutils-4.2.1-16.1 is in 3.0E-errata-candidate
sharutils-4.2.1-8.8.x is in 2.1AS-errata-candidate
None of these have been released in errata, as the most recent errata was for
2.1 only and included sharutils-4.2.1-8.7.x. Reopening this issue.
It's fixed in sharutils-4.2.1-8.9.x (rhel-2) and sharutils-4.2.1-16.2 (rhel3).
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.