oss-sec mailing list archives
Re: Directory traversal in sharutils/uudecode and python uu module
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 24 Jan 2023 15:09:08 -0800
On 12/21/22 10:42, Hanno Böck wrote:
> If one can convince someone with root privileges to decode such a file this may thus compromise a system.

Fortunately, the easiest exploit path was mostly removed decades ago: https://exchange.xforce.ibmcloud.com/vulnerabilities/126

> I got a reply confirming the report from the sharutils developers, pointing out that this can be interpreted as expected behavior according to the POSIX standard. I don't expect a fix any time soon, their latest release is from 2015.

I started a discussion on the Austin Group mailing list to see if the standard should be updated, but the argument has mostly leaned towards "users should either use -o to specify output or look at files before uudecoding them" (along with suggestions to drop these utilities from the standard now in favor of base64 encoding utilities).

-- 
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
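As an added example (not code from sharutils, CPython's uu module, or anyone in this thread), the following Python decoder performs the check the thread says users otherwise have to do by hand with -o or by inspecting the file: it parses the "begin <mode> <name>" header and refuses any name that would land outside the current directory before decoding a byte. The sample input is constructed inline.

```python
import binascii
import posixpath

def parse_begin_line(line: str) -> tuple[int, str]:
    """Split a uuencode header into (mode, name); raises on a malformed line."""
    parts = line.rstrip("\r\n").split(" ", 2)
    if len(parts) != 3 or parts[0] != "begin":
        raise ValueError(f"not a uuencode begin line: {line!r}")
    return int(parts[1], 8), parts[2]

def is_safe_output_name(name: str) -> bool:
    """True only for a plain file name that stays inside the current directory."""
    if name in ("", ".", "..") or "\x00" in name:
        return False
    if "/" in name or "\\" in name:      # any separator means traversal or an absolute path
        return False
    return posixpath.basename(name) == name

def decode_uu_checked(text: str) -> tuple[str, int, bytes]:
    """Decode a uuencoded message, refusing header names that escape '.'."""
    lines = text.splitlines() or [""]
    mode, name = parse_begin_line(lines[0])
    if not is_safe_output_name(name):
        raise ValueError(f"refusing output path taken from header: {name!r}")
    data = bytearray()
    for line in lines[1:]:
        if line == "end":
            break
        if line:
            data += binascii.a2b_uu(line)   # the lone "`" line decodes to zero bytes
    else:
        raise ValueError("missing 'end' line")
    return name, mode, bytes(data)

def build_sample(name: str, payload: bytes) -> str:
    """Constructed test input: uuencode payload under the given header name."""
    body = b"".join(binascii.b2a_uu(payload[i:i + 45])
                    for i in range(0, len(payload), 45))
    return f"begin 644 {name}\n" + body.decode("ascii") + "`\nend\n"

if __name__ == "__main__":
    print(decode_uu_checked(build_sample("report.txt", b"hello world\n")))
    for bad in ("../escaped.txt", "/tmp/escaped.txt", "..", "sub/dir.txt"):
        print(bad, "->", "safe" if is_safe_output_name(bad) else "rejected")
```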