Vulnerability Name:

CVE-2004-1772 (CCN-15759)

Assigned:2004-04-06
Published:2004-04-06
Updated:2017-10-11
Summary:Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Tue Apr 06 2004 - 14:04:15 CDT
GNU Sharutils buffer overflow vulnerability.

Source: MITRE
Type: CNA
CVE-2004-1772

Source: MITRE
Type: CNA
CVE-2004-1773

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2004.011

Source: CCN
Type: RHSA-2005-377
sharutils security update

Source: CCN
Type: GLSA-200410-01
sharutils: Buffer overflows in shar.c and unshar.c

Source: CCN
Type: OpenPKG-SA-2004.011
Sharutils

Source: REDHAT
Type: UNKNOWN
RHSA-2005:377

Source: BUGTRAQ
Type: Exploit, Patch
20040406 GNU Sharutils buffer overflow vulnerability.

Source: BID
Type: Patch
10066

Source: CCN
Type: BID-10066
GNU Sharutils shar Command Line Parsing Buffer Overflow Vulnerability

Source: CCN
Type: BID-11298
GNU Sharutils Multiple Buffer Overflow Vulnerabilities

Source: CCN
Type: TLSA-2005-54
Multiple vulnerabilities exist in Sharutils

Source: CCN
Type: USN-102-1
shar vulnerabilities

Source: FEDORA
Type: Patch
FLSA:2155

Source: XF
Type: UNKNOWN
sharutils-shar-bo(15759)

Source: XF
Type: UNKNOWN
sharutils-shar-bo(15759)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11722

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:sharutils:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:sharutils:4.2.1:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnu:sharutils:4.2.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20041772
    V
    		CVE-2004-1772
    2015-11-16
    oval:org.mitre.oval:def:11722
    V
    		Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
    2013-04-29
    oval:com.redhat.rhsa:def:20050377
    P
    		RHSA-2005:377: sharutils security update (Low)
    2005-04-26
    BACK
    gnu sharutils 4.2
    gnu sharutils 4.2.1
    gnu sharutils 4.2.1
    openpkg openpkg current
    gentoo linux *
    mandrakesoft mandrake linux corporate server 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    openpkg openpkg 1.3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    openpkg openpkg 2.0
    mandrakesoft mandrake linux 10.0
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux home *
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1