[20611] in bugtraq


Re: RH7.0: man local gid 15 (man) exploit

daemon@ATHENA.MIT.EDU (Olaf Kirch)
Tue May 15 03:51:32 2001

Date: Mon, 14 May 2001 12:40:59 +0200
From: Olaf Kirch <okir@caldera.de>
To: zenith parsec <zenith_parsec@the-astronaut.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20010514124059.D5030@monad.caldera.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010513200734.9834.qmail@fiver.freemessage.com>; from zenith_parsec@the-astronaut.com on Sun, May 13, 2001 at 08:07:34PM -0000

On Sun, May 13, 2001 at 08:07:34PM -0000, zenith parsec wrote:
> ========================================================
> Vulnerable systems: redhat 7.0 with man-1.5h1-10 (default
> package) and earlier.
> =========================================================
> Heap Based Overflow of man via -S option gives GID man.


Caldera OpenLinux is not vulnerable to this problem. Our man-1.5 package
comes with a patch that forks off a "cache manager" thread that puts
formatted pages into /var/catman, while the man application itself
continues in the foreground without any privilege.

Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.            
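
The split described in the message above, as an added C example that is not part of the original post and is not Caldera's patch: a forked child keeps the set-gid identity and only writes the cache file, while the parent drops the group before handling anything else. The pipe between the two, the names `cache_manager` and `format_with_privsep`, and the cache path passed in are assumptions made for illustration.

```c
#include <fcntl.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child: the only process that keeps the set-gid identity. It copies bytes
 * from the pipe into the cache file and never parses user-supplied options. */
static void cache_manager(int rfd, const char *path)
{
    char buf[4096];
    ssize_t n;
    /* O_EXCL refuses an existing file or a symlink planted at the path. */
    int out = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (out < 0)
        _exit(1);
    while ((n = read(rfd, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n)
            _exit(1);
    _exit(n == 0 && close(out) == 0 ? 0 : 1);
}

/* Returns 0 if the page was cached and the caller ended up unprivileged.
 * cache_path and page are hypothetical parameters chosen for this example. */
int format_with_privsep(const char *cache_path, const char *page)
{
    int fds[2], status, dropped;
    ssize_t w;
    pid_t pid;

    if (pipe(fds) < 0)
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        close(fds[1]);
        cache_manager(fds[0], cache_path);   /* does not return */
    }
    close(fds[0]);
    signal(SIGPIPE, SIG_IGN);   /* a dead child must not kill the parent */

    /* Parent: give up real, effective and saved gid before doing any
     * work on user-controlled input; verify the drop instead of assuming. */
    dropped = setregid(getgid(), getgid()) == 0 && getegid() == getgid();
    w = dropped ? write(fds[1], page, strlen(page)) : -1;
    close(fds[1]);
    if (waitpid(pid, &status, 0) < 0 || w != (ssize_t)strlen(page))
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}
```

The child still receives its data from a process that may have been subverted, so it has to treat the bytes as untrusted and do nothing with them except store them.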
