[18957] in bugtraq
Re: SuSe / Debian man package format string vulnerability
daemon@ATHENA.MIT.EDU (Tomasz Kuźniar)
Fri Feb 2 13:11:29 2001
Message-Id: <20010202093629.A23686@ania.profnet.pl>
Date: Fri, 2 Feb 2001 09:36:29 +0100
Reply-To: Tomasz Kuźniar <mezon@PROFNET.PL>
From: Tomasz Kuźniar <mezon@PROFNET.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <008301c08b91$2df28080$501fb00a@cerc.dgaccp.pt>; from
tharbad@KAOTIK.ORG on Wed, Jan 31, 2001 at 02:22:01PM -0000
On Wed, Jan 31, 2001 at 02:22:01PM -0000, Joao Gouveia wrote:
: The man package that ships with SuSe Linux ( at least versions 6.1 through
: 7.0 ) has a format string vulnerability. Also Debian 2.2r2 ( at least ), is
: confirmed to have the same problem.
:
: <quote>
: jroberto@spike:~ > man -l %x%x%x%x
: man: 4000bc7438049af00: No such file or directory
: </quote>
The same problem in most (all?) distributions is with m4 - GNU macro
processor code, when trying to use the -G option:
mezon@beata:~$ m4 -G %x%x%x%x
m4: 40012a48380491e00: No such file or directory
--
Tomasz Kuzniar <mezon@profnet.pl>
* Polska Platforma Internetowa *
~ ~ ~
"Wyjsc na ludzi - Go out on people"
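
Added example, not part of the original post and not the man or m4 source: both outputs above are consistent with a user-supplied argument being used as the format string of a printf-style error call. The sketch below assumes that pattern and shows it beside the corrected call; `report`, `open_unsafe` and `open_safe` are hypothetical names.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a tool's printf-style error reporter.
 * Declaring it with __attribute__((format(printf, 4, 5))) lets
 * gcc -Wformat -Wformat-security flag the call in open_unsafe(). */
static int report(char *out, size_t n, int err, const char *fmt, ...)
{
    char msg[256];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);  /* conversions in fmt are honoured */
    va_end(ap);
    return snprintf(out, n, "prog: %s: %s", msg, strerror(err));
}

/* Before: the file name from the command line IS the format string, so
 * "%x" in the name makes vsnprintf read arguments that were never passed. */
int open_unsafe(char *out, size_t n, const char *name)
{
    FILE *f = fopen(name, "r");
    if (f) { fclose(f); return 0; }
    return report(out, n, errno, name);        /* defect */
}

/* After: constant format string, the name is only ever data. */
int open_safe(char *out, size_t n, const char *name)
{
    FILE *f = fopen(name, "r");
    if (f) { fclose(f); return 0; }
    return report(out, n, errno, "%s", name);  /* fix */
}

int main(void)
{
    char buf[512];

    /* Constructed input: the argument used in the post. The fixed path
     * echoes it verbatim instead of interpreting it. */
    if (open_safe(buf, sizeof buf, "%x%x%x%x") > 0)
        puts(buf);
    return 0;
}
```
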