[19009] in bugtraq
Re: SuSe / Debian man package format string vulnerability
daemon@ATHENA.MIT.EDU (Mate Wierdl)
Mon Feb 5 15:19:18 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010205114219.B30149@thales.memphis.edu>
Date: Mon, 5 Feb 2001 11:42:19 -0600
Reply-To: Mate Wierdl <mw@THALES.MEMPHIS.EDU>
From: Mate Wierdl <mw@THALES.MEMPHIS.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010204014834.A1351@lin-gen.com>; from rvdm@CISTRON.NL on Sun,
Feb 04, 2001 at 01:48:34AM +0100
On Sun, Feb 04, 2001 at 01:48:34AM +0100, Robert van der Meulen wrote:
> I don't know about Suse/Redhat/others.
On RH 7.0 and 6.2 it does not seem to matter as far as the
vulnerability is concerned since
$ man -l %x%x%x%x 2>&1 |head -1
man: invalid option -- l
on both systems.
Also,
$ ls -l `which man`
-rwxr-sr-x 1 root man 34800 Jun 30 2000 /usr/bin/man
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
