[19000] in bugtraq
Re: SuSe / Debian man package format string vulnerability
daemon@ATHENA.MIT.EDU (Robert van der Meulen)
Mon Feb 5 00:07:36 2001
Message-ID: <20010204014834.A1351@lin-gen.com>
Date: Sun, 4 Feb 2001 01:48:34 +0100
Reply-To: Robert van der Meulen <rvdm@CISTRON.NL>
From: Robert van der Meulen <rvdm@CISTRON.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3A7C2431.35F9FD10@mailbox.as>; from styx@MAILBOX.AS on Sat, Feb 03, 2001 at 04:30:57PM +0100
Hi,
Quoting StyX (styx@MAILBOX.AS):
> styx@SuxOS-devel:~$ man -l %n%n%n%n
> man: Segmentation fault
> styx@SuxOS-devel:~$
>
> This was on my Debian 2.2 potato system (It doesn't dump core though).
Just for the record:
on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
this doesn't pose a security problem.
I don't know about Suse/Redhat/others.
Greets,
Robert
--
Linux Generation
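
The point made in the reply above, that the crash only matters where 'man' is installed suid/sgid, can be checked on a given system. The following is an added example, not part of the original message; the function names priv_bits and check_cmd are hypothetical.

```shell
#!/bin/sh
# Added example: report whether an executable carries setuid/setgid bits.
# priv_bits and check_cmd are hypothetical helper names.

# priv_bits FILE -> prints one of: setuid, setgid, setuid+setgid, none, missing
priv_bits() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing"
        return 2
    fi
    bits=""
    if [ -u "$f" ]; then          # set-user-ID bit present
        bits="setuid"
    fi
    if [ -g "$f" ]; then          # set-group-ID bit present
        bits="${bits:+$bits+}setgid"
    fi
    echo "${bits:-none}"
}

# check_cmd NAME -> resolve NAME on PATH and report its privilege bits
check_cmd() {
    path=$(command -v "$1" 2>/dev/null) || { echo "$1: not found"; return 2; }
    case $path in
        /*) ;;                                  # a real file on PATH
        *)  echo "$1: alias, function or builtin, not a file"; return 2 ;;
    esac
    echo "$path: $(priv_bits "$path")"
}

# Stand-alone run: inspect the binary discussed in this thread.
check_cmd man || true
```

A result of "none" means a crash in the binary runs with the invoking user's own privileges; "setuid" or "setgid" means the process holds the file owner's or group's privileges when the bug is triggered.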