[14074] in bugtraq
Re: man bugs might lead to root compromise (RH 6.1 and other
daemon@ATHENA.MIT.EDU (H D Moore)
Mon Feb 28 16:18:39 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38BA61F2.60052785@secureaustin.com>
Date: Mon, 28 Feb 2000 05:54:26 -0600
Reply-To: H D Moore <hdm@SECUREAUSTIN.COM>
From: H D Moore <hdm@SECUREAUSTIN.COM>
X-To: Michal Zalewski <lcamtuf@dione.ids.pl>
To: BUGTRAQ@SECURITYFOCUS.COM
I tried PAGERas well as every other environment variable I could tell it
read, no luck. The PAGER just gives me "AAAAAAAAA" ... "AA: Command not
found."
-HD
Michal Zalewski wrote:
>
> On Sun, 27 Feb 2000, H D Moore wrote:
>
> > Hi,
> >
> > I could not reproduce this on a SuSE 6.2 system running:
> >
> > man, version 2.3.10, db 2.3.1, July 12th, 1995
> > (G.Wilford@ee.surrey.ac.uk)
> >
> > My copy is setgid man and I also subjected it to 4,8, and 20 kb buffers
> > in every envrionment variable it uses without it flinching.
>
> Try setting PAGER instead of MANPAGER - older man version used it.
>
> _______________________________________________________
> Michal Zalewski * [lcamtuf@ags.pl] <=> [AGS WAN SYSADM]
> [dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
> [+48 22 551 45 93] [+48 603 110 160] bash$ :(){ :|:&};:
> =-----=> God is real, unless declared integer. <=-----=
