[19020] in bugtraq
Re: SuSe / Debian man package format string vulnerability
daemon@ATHENA.MIT.EDU (Graham Hughes)
Mon Feb 5 20:19:16 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <87ofwgq5xk.fsf@ash.i-did-not-set--mail-host-address--so-shoot-me>
Date: Mon, 5 Feb 2001 11:35:19 -0800
Reply-To: Graham Hughes <graham@LYNDA.COM>
From: Graham Hughes <graham@LYNDA.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3A7E8FD7.FF012EF3@hushmail.com>
John <johns@HUSHMAIL.COM> writes:
> On my Debian 2.2 system 'man' was installed
> suid root. I don't know about Debian 2.3 but,
> Debian 2.2 does install 'man' suid root.
graham@lonestar:~$ cat /etc/debian_version
2.2
graham@lonestar:~$ dpkg --listfiles man-db | grep bin
/usr/bin
/usr/bin/manpath
/usr/bin/catman
/usr/bin/whatis
/usr/bin/apropos
/usr/bin/wrapper
/usr/bin/man
/usr/bin/mandb
/usr/bin/zsoelim
/usr/sbin
/usr/sbin/accessdb
graham@lonestar:~$ dpkg --listfiles man-db | grep bin/ | xargs ls -l
-rwxr-xr-x 1 root root 28064 Apr 4 2000 /usr/bin/apropos
-rwxr-xr-x 1 root root 28704 Apr 4 2000 /usr/bin/catman
-rwxr-xr-x 3 root root 4832 Apr 4 2000 /usr/bin/man
-rwxr-xr-x 3 root root 4832 Apr 4 2000 /usr/bin/mandb
-rwxr-xr-x 1 root root 19832 Apr 4 2000 /usr/bin/manpath
-rwxr-xr-x 1 root root 27712 Apr 4 2000 /usr/bin/whatis
-rwxr-xr-x 3 root root 4832 Apr 4 2000 /usr/bin/wrapper
-rwxr-xr-x 1 root root 16172 Apr 4 2000 /usr/bin/zsoelim
-rwxr-xr-x 1 root root 11476 Apr 4 2000 /usr/sbin/accessdb
graham@lonestar:~$
Ahem.
--
Graham Hughes <graham@lynda.com>
PGP fingerprint: 1F1D 0027 B835 E114 3F5B 2C7C 64D1 83A0 C5C7 312A
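The check in the message above, generalised as an added example that is not part of the original post: a POSIX shell function that reads a package's file list (for instance the output of `dpkg --listfiles man-db`) and reports every regular file carrying a setuid or setgid bit, without restricting the search to paths containing `bin`. The function name `audit_setid` and its output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag setuid/setgid files among paths read from stdin.
# Typical use:  dpkg --listfiles man-db | audit_setid
# Output per hit: "<kind> <uid>:<gid> <links> <path>"
# Returns 0 when nothing is flagged, 1 when at least one file is.
audit_setid() {
    hits=0
    while IFS= read -r path; do
        # Package lists include directories; only regular files matter.
        [ -f "$path" ] || continue

        kind=""
        [ -u "$path" ] && kind="setuid"
        [ -g "$path" ] && kind="${kind:+$kind+}setgid"
        [ -n "$kind" ] || continue

        # ls -ln fields: mode, link count, numeric uid, numeric gid, ...
        # A link count above 1 means other names share this inode and
        # therefore the same mode bits.
        set -- $(ls -ln -- "$path")
        printf '%s %s:%s %s %s\n' "$kind" "$3" "$4" "$2" "$path"
        hits=$((hits + 1))
    done
    [ "$hits" -eq 0 ]
}
```

The non-zero return on a hit lets the function gate a package audit script; numeric owner IDs are printed so the result does not depend on the local passwd database.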