{"vuid":"VU#336083","idnumber":"336083","name":"Uudecode performs inadequate checks on user-specified output files","keywords":["sharutils","uudecode utility","symlink","pipe","privilege escalation","/tmp"],"overview":"The uudecode utility contains a vulnerability that allows an attacker to overwrite arbitrary files, symbolic links, and named pipes.","clean_desc":"The uudecode utility is used to decode files that have been encoded in the 7-bit printable format generated by uuencode. This format allows for the specification of a desired output file name, which may also contain an absolute or relative path. Some implementations of uudecode fail to check the specified file name or its type before writing, so it is possible for uudecode to overwrite existing files, including regular files, symbolic links, and named pipes. If an attacker can convince a user to invoke uudecode on a malicious file without reviewing the included file name, the attacker can cause the user to overwrite any file accessible by the user. If the victim user has root privileges, the attacker can exploit this vulnerability to overwrite arbitrary files. With respect to symbolic links and named pipes, attackers who exploit this vulnerability can alter the normal operation of system scripts and running processes, significantly increasing the risk of system compromise. This vulnerability was first discovered in the uudecode implementation included with the GNU Sharutils package, but may be present in other implementations as well. For more information on GNU Sharutils, please see http://www.gnu.org/directory/sharutils.html.","impact":"Attackers can convince users to overwrite arbitrary files, symbolic links, and named pipes. This ability can be leveraged to gather information, destroy system and user data, and gain control of vulnerable hosts.","resolution":"Apply a patch from your vendor Please see the vendor section of this document for information on obtaining patches.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by AERAsec.","author":"This document was written by Jeffrey P. Lanza.","public":["http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en","http://www.gnu.org/directory/sharutils.html","http://www.securityfocus.com/bid/4742"],"cveids":["CVE-2002-0178"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-05-15T13:14:10Z","publicdate":"2002-04-16T00:00:00Z","datefirstpublished":"2002-07-15T17:36:52Z","dateupdated":"2002-12-13T16:42:07Z","revision":29,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"10","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"19","cam_easeofexploitation":"4","cam_attackeraccessrequired":"20","cam_scorecurrent":"9.405","cam_scorecurrentwidelyknown":"9.405","cam_scorecurrentwidelyknownexploited":"12.255","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.405,"vulnote":null}