According to Red Hat, updated packages for sharutils are available which fix potential privilegeescalation using the uudecode utility.
The sharutils package contains a set of tools for encoding and decodingpackages of files in binary or text format.
The uudecode utility would create an output file without checking to see if it was about to write to a symlink or a pipe. If a user uses uudecode toextract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files or lead to privilegeescalation.
The Common Vulnerabilities and Exposures project (cve.mitre.org) hasassigned the name CAN-2002-0178 to this issue.
Users should update to these errata sharutils packages which contain aversion of uudecode that has been patched to check for an existing pipe orsymlink output file.