sharutils: Directory traversal (security issue) in uudecode

From: Hanno Böck
Subject: sharutils: Directory traversal (security issue) in uudecode
Date: Sun, 27 Nov 2022 16:57:53 +0100


I want to report a security issue in the uudecode commandline tool that
is part of sharutils.

The tool is vulnerable to a classic directory traversal attack. It will
interpret file paths in the "begin" line of the uuencoded input. When
running it on untrusted input this allows creating arbitrary files on
the filesystem (e.g. replacing /etc/shadow if the root user decodes a

There are two variations: Passing a path starting with a number of
../../ repetitions or directly starting with /. I have attached
simple proof of concept files for both variants.

Hanno Böck

Attachment: trav1.uu
Description: Binary data

Attachment: trav2.uu
Description: Binary data
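
As an added example (not part of the original message and not sharutils code), here is one way to screen the "begin" header lines described in the report before decoding untrusted input. It rejects both variants named above, names starting with / and names containing a .. component; the function names and buffer sizes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if name is non-empty, relative, and has no ".." component. */
int uu_name_is_safe(const char *name)
{
    if (name[0] == '\0' || name[0] == '/')
        return 0;
    for (const char *p = name; *p; ) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len + strspn(p + len, "/");   /* skip the separator run */
    }
    return 1;
}

/* Checks a "begin <mode> <name>" or "begin-base64 <mode> <name>" header.
 * Returns 1 = safe name, 0 = unsafe name, -1 = not a header line. */
int uu_check_begin_line(const char *line)
{
    char name[4096];
    if (strncmp(line, "begin-base64 ", 13) == 0) line += 13;
    else if (strncmp(line, "begin ", 6) == 0) line += 6;
    else return -1;
    size_t digits = strspn(line, "01234567");      /* octal mode field */
    if (digits == 0 || line[digits] != ' ') return -1;
    line += digits + strspn(line + digits, " ");
    size_t len = strcspn(line, "\r\n");            /* name is the rest of the line */
    if (len >= sizeof name) return 0;              /* over-long names are refused */
    memcpy(name, line, len);
    name[len] = '\0';
    return uu_name_is_safe(name);
}

/* Filter: reads uuencoded text on stdin, exits 1 if any header name is unsafe. */
int main(void)
{
    char line[8192];
    int bad = 0;
    while (fgets(line, sizeof line, stdin))
        if (uu_check_begin_line(line) == 0) {
            fprintf(stderr, "refusing unsafe name: %s", line);
            bad = 1;
        }
    return bad;
}
```

The check is purely lexical: it does not account for symbolic links that already exist in the directory where decoding takes place.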
