Sharutils 4.2.1 local root exploit. Note: shar is NOT setuid by default, so this exploit is completely proof of concept if for some reason the binary was setuid.
edd1020fd999d8177e094173be570e3a68f63ad358f7757f48ef91abc923b842A stack-based buffer overflow vulnerability exists in the popular shar utility packaged in the GNU sharutils distribution, due to a lack of bounds checking when handling the -o command-line option. By default, this file is not setuid nor setgid, but if used in conjunction with other tools, it is possible that this can be manipulated for nefarious purposes.
b6dceda7216ae56f8997fa05d3bb0b438c5ce4c248e40197d99a60a8f531c1c6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed