+++ This bug was initially created as a clone of Bug #152573 +++ Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar. To test this: unshar `perl -e 'print "A"x2000'`/tmp/testing There is a patch in the gentoo BTS: http://bugs.gentoo.org/show_bug.cgi?id=65773
This issue also affects FC2
it's fixed in sharutils-4.2.1-22.1.FC3