Main Vulnerability Database Vulnerabilities #VU11157

Buffer overflow in Sharutils - CVE-2018-1000097

Published: March 14, 2018 / Updated: March 21, 2018

Vulnerability identifier: #VU11157

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1000097

CWE-ID: CWE-120

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: GNU

Affected software:
Sharutils

Detailed vulnerability description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists in the looks_like_c_code function due to insufficient validation of user-supplied input. A local attacker can send a specially crafted file, trick the victim into running an unshar command, trigger buffer overflow and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2018-1000097

Install update from vendor's website.

Sources

http://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00004.html

Buffer overflow in Sharutils - CVE-2018-1000097

Detailed vulnerability description

How to mitigate CVE-2018-1000097

Sources

Please verify you're human