[19011] in bugtraq
Re: SuSe / Debian man package format string vulnerability
daemon@ATHENA.MIT.EDU (John)
Mon Feb 5 15:31:07 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <3A7E8FD7.FF012EF3@hushmail.com>
Date: Mon, 5 Feb 2001 06:34:47 -0500
Reply-To: John <johns@HUSHMAIL.COM>
From: John <johns@HUSHMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
On my Debian 2.2 system 'man' was installed
suid root. I don't know about Debian 2.3 but,
Debian 2.2 does install 'man' suid root.
Robert van der Meulen wrote:
>
> Hi,
>
> Quoting StyX (styx@MAILBOX.AS):
> > styx@SuxOS-devel:~$ man -l %n%n%n%n
> > man: Segmentation fault
> > styx@SuxOS-devel:~$
> >
> > This was on my Debian 2.2 potato system (It doesn't dump core though).
> Just for the record:
> on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
> this doesn't impose a security problem.
> I don't know about Suse/Redhat/others.
>
> Greets,
> Robert
>
> --
> Linux Generation
