Bug 1085004 - (CVE-2018-1000097) VUL-0: CVE-2018-1000097: sharutils: A Buffer Overflow vulnerability in the file unshar.c at line 75, function looks_like_c_code
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Philipp Thomas
Security Team bot
https://smash.suse.de/issue/201700/
CVSSv3:RedHat:CVE-2018-1000097:3.3:(A...
Reported: 2018-03-13 07:45 UTC by Karol Babioch
Modified: 2018-12-03 02:40 UTC (History)
Found By: Security Response Team
Attachments
Reproducer (345 bytes, application/zip)
2018-03-13 07:46 UTC, Karol Babioch
Description Karol Babioch 2018-03-13 07:45:24 UTC
CVE-2018-1000097

Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow
vulnerability in the file unshar.c at line 75, function looks_like_c_code:
failure to perform checking of the buffer containing the input line, which could
lead to code execution. This attack appears to be exploitable if the victim runs
the unshar command on a specially crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000097
http://seclists.org/bugtraq/2018/Feb/54
Comment 1 Karol Babioch 2018-03-13 07:46:55 UTC
Created attachment 763456
Reproducer

Password: abc123
Comment 3 Philipp Thomas 2018-03-13 13:06:11 UTC
Never mind, I've checked in a fixed version to Base:System and made an SR for factory as that line in unshar.c was buggy in that it looped over isspace without checking if it had reached the end of the buffer.
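
The defect class described in comment 3 (a loop over isspace with no end-of-buffer check) next to a bounded form, as an added C example that is not part of this bug report and is not the sharutils source. All function names and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Pattern as described in comment 3: loop on isspace() with no end-of-buffer
 * check. It stops only at a non-space byte, so an all-whitespace buffer
 * without a terminator is read past its end. Kept for contrast. */
static const char *skip_space_unbounded(const char *p)
{
    while (isspace((unsigned char)*p))
        p++;
    return p;
}

/* Bounded form: `end` points one past the last valid byte. */
static const char *skip_space_bounded(const char *p, const char *end)
{
    while (p < end && isspace((unsigned char)*p))
        p++;
    return p;
}

/* Offset of the first non-space byte, or len if the line is blank. */
static size_t first_nonspace(const char *buf, size_t len)
{
    return (size_t)(skip_space_bounded(buf, buf + len) - buf);
}

/* Hypothetical line heuristic: 1 if the first non-blank byte is '#'. */
static int starts_with_hash(const char *buf, size_t len)
{
    size_t i = first_nonspace(buf, len);
    return i < len && buf[i] == '#';
}

int main(void)
{
    char blank[8];                       /* constructed input: no terminator */
    const char *line = "  #include <x.h>";

    memset(blank, ' ', sizeof blank);
    printf("blank: first_nonspace=%zu\n", first_nonspace(blank, sizeof blank));
    printf("line:  unbounded offset=%td, hash=%d\n",
           skip_space_unbounded(line) - line, starts_with_hash(line, strlen(line)));
    return 0;
}
```

The unbounded helper is only ever called on a NUL-terminated string here; the all-blank, unterminated buffer goes through the bounded path, which returns the buffer length instead of walking off the end.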
Comment 9 Philipp Thomas 2018-08-20 07:24:46 UTC
SLE 12 has 4.11.1 which doesn't have this bug.
Comment 10 Marcus Meissner 2018-08-22 14:19:30 UTC
untagged, resolved