[19003] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: SuSe / Debian man package format string vulnerability

daemon@ATHENA.MIT.EDU (Jose Nazario)
Mon Feb 5 01:44:13 2001

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.30.0102042328410.23404-100000@biocserver.BIOC.CWRU.Edu>
Date:         Sun, 4 Feb 2001 23:29:21 -0500
Reply-To: Jose Nazario <jose@BIOCSERVER.BIOC.CWRU.EDU>
From: Jose Nazario <jose@BIOCSERVER.BIOC.CWRU.EDU>
X-To:         Martin Schulze <joey@infodrom.north.de>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20010204110554.V15483@finlandia.infodrom.north.de>

On Sun, 4 Feb 2001, Martin Schulze wrote:

> Please tell me what you gain from this.  man does not run setuid
> root/man but only setgid man.  So all you can exploit this to is a
> shell running under your ownl user ide.

sucker admins who m4 their sendmail.mc's as root, chiefly if you trick
them into processing an untrusted and untrustworthy .mc file.

____________________________
jose nazario						     jose@cwru.edu
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[19003] in bugtraq

Re: SuSe / Debian man package format string vulnerability

daemon@ATHENA.MIT.EDU (Jose Nazario)Mon Feb 5 01:44:13 2001

daemon@ATHENA.MIT.EDU (Jose Nazario)
Mon Feb 5 01:44:13 2001