sharutils: Directory traversal (security issue) in uudecode
From: Hanno Böck
Subject: sharutils: Directory traversal (security issue) in uudecode
Date: Sun, 27 Nov 2022 16:57:53 +0100
Hello,
I want to report a security issue in the uudecode command-line tool that
is part of sharutils.
The tool is vulnerable to a classic directory traversal attack. It will
interpret file paths in the "begin" line of the uuencoded input. When
running it on untrusted input this allows creating arbitrary files on
the filesystem (e.g. replacing /etc/shadow if the root user decodes a
file).
There are two variations: Passing a path starting with a number of
../../ repetitions or directly starting with /. I have attached
simple proof of concept files for both variants.
--
Hanno Böck
https://hboeck.de/
trav1.uu
Description: Binary data
trav2.uu
Description: Binary data
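
A pre-decode check for the two "begin" line variants described in the report above, as an added example that is not part of the original message or of sharutils: it scans uuencoded input and reports embedded output names that are absolute or contain a `..` component. The function names and the sample headers are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Header forms: "begin <mode> <name>" and "begin-base64 <mode> <name>".
BEGIN_RE = re.compile(r"^begin(?:-base64)? +[0-7]{3,4} +(.*\S)\s*$")


def unsafe_reason(name):
    """Return why an embedded output name is unsafe, or None if acceptable."""
    path = PurePosixPath(name)
    if path.is_absolute():
        return "absolute path"
    if ".." in path.parts:
        return "parent-directory component"
    return None


def scan(text):
    """Return (line_number, name, reason) for every unsafe begin line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = BEGIN_RE.match(line)
        if match:
            reason = unsafe_reason(match.group(1))
            if reason:
                findings.append((lineno, match.group(1), reason))
    return findings


# Constructed sample headers (payload lines omitted; names are illustrative).
SAMPLE = """\
begin 644 notes.txt
end
begin 644 ../../../../tmp/example-a
end
begin 644 /tmp/example-b
end
begin-base64 600 sub/dir/../../../example-c
====
"""

if __name__ == "__main__":
    for lineno, name, reason in scan(SAMPLE):
        print(f"line {lineno}: {name!r} rejected ({reason})")
```

Input that passes the check can still be written to a name of your own choosing with `uudecode -o`, which is used instead of the name embedded in the input.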