Gentoo Secure Linux Advisories: sharutils, pam_ldap | Linux Today
Security
SHARE
Facebook X Pinterest WhatsApp

Gentoo Secure Linux Advisories: sharutils, pam_ldap

Written By
Web Webster
Web Webster
Oct 31, 2002 
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-012
- - --------------------------------------------------------------------

PACKAGE : sharutils
SUMMARY : inadequate checks on user-specified output files
DATE    : 2002-10-30 14:10 UTC
EXPLOIT : local

- - --------------------------------------------------------------------

The uudecode utility would create an output file without checking
to see if it was about to write to a symlink or a pipe. If a
user uses uudecode to extract data into open shared directories,
such as /tmp, this vulnerability could be used by a local attacker
to overwrite files or lead to privilege escalation.

Read the full advisory at
http://www.kb.cert.org/vuls/id/336083

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/sharutils-4.2.1-r5 and earlier update their systems as follows:

emerge rsync
emerge sharutils
emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-013
- - --------------------------------------------------------------------

PACKAGE : pam_ldap
SUMMARY : format string attack
DATE    : 2002-10-30 22:10 UTC
EXPLOIT : local

- - --------------------------------------------------------------------

Versions 143 and earlier of the pam_ldap module are vulnerable to a 
format string attack. A local attacker could supply a malicious 
format string when opening a configuration file, which could allow 
the attacker to execute arbitrary code on the system with elevated 
privileges.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-libs/pam_ldap-134-r1 and earlier update their systems as follows:

emerge rsync
emerge pam_ldap
emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

facebook
linkedin
x

Company

Contact us

Categories

News IT Management Infrastructure Developer Security High Performance Storage Blog

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information