A stack-based buffer overflow vulnerability exists in the popular shar utility packaged in the GNU sharutils distribution, due to a lack of bounds checking when handling the -o command-line option. By default, the shar binary is neither setuid nor setgid, but if it is used in conjunction with other tools, it is possible that the overflow can be manipulated for nefarious purposes.
b6dceda7216ae56f8997fa05d3bb0b438c5ce4c248e40197d99a60a8f531c1c6
Sharutils 4.2.1 local root exploit. Note: shar is NOT setuid by default, so this exploit is purely a proof of concept that applies only if, for some reason, the binary has been made setuid.
edd1020fd999d8177e094173be570e3a68f63ad358f7757f48ef91abc923b842