The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


SuSe / Debian man package format string vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Wed, 31 Jan 2001 14:22:01 -0000
From: Joao Gouveia <[email protected]>
To: [email protected]
Subject: SuSe / Debian man package format string vulnerability

Hi,

This issue has been discussed in vuln-dev (2001-01-26), see:
http://www.securityfocus.com/templates/archive.pike?end=2001-01-27&tid=15872
4&fromthread=0&start=2001-01-21&threads=1&list=82&

Posted also on suse security list, and aparently overlooked.

The man package that ships with SuSe Linux ( at least versions 6.1 throught
7.0 ) has a format string vulnerability. Also debian 2.2r2 ( at least ), is
confirmed to have the same problem.

<quote>
jroberto@spike:~ > man -l %x%x%x%x
man: 4000bc7438049af00: No such file or directory
</quote>

Regards,

Joao Gouveia
------------
[email protected]

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру