Bugtraq mailing list archives
Re: RH7.0: man local gid 15 (man) exploit
From: aleph1 () securityfocus com
Date: Wed, 16 May 2001 02:27:18 -0600
Summary of responses in this thread:

From: PJ <briareos () otherlands net>

Doesn't work on Slackware 7.1
This is the result:

elvander:~$ man -S `perl -e 'print ":" x 100'`
What manual page do you want?
elvander:~$

From: Alvin Oga <alvin.sec () Mail Linux-Consulting com>

i have many patched rh-7.0 ( patched available on March 13, 2001 )

redhat:/usr/src# man -S `perl -e 'print ":" x 100'`
What manual page do you want?
-----------
redhat:/usr/src# cat /etc/issue
Red Hat Linux release 7.0 (Guinness)
Kernel 2.2.18-cdhs on an i586

redhat:/usr/src# man -v
man, version 1.5h

redhat:/usr/src# uname -a
Linux redhat 2.2.18-cdhs #5 SMP Wed Jan 31 05:23:44 PST 2001 i586 unknown

redhat's default kernel is 2.2.16-22

From: rcs <rasta () RSHELL ORG>

Are you sure this has anything to do with heap or buffer overflow?
man -S : man.page will also core dump (Suse btw).

From: Joris Roefs <jroefs () zedd nl>

[jroefs@router jroefs]$ cat /etc/issue
Red Hat Linux release 7.0 (Guinness)
Kernel 2.2.19 on an i586

[jroefs@router jroefs]$ man -S `perl -e 'print ":" x 100'`
What manual page do you want?

Seems that not all RedHat 7.0 installations are vulnerable. This
installation is (except for the kernel, as you've probably noticed) as
standard as possible, with all existing errata yet to be installed.

Could it be that another (updated) package is responsible for the
overflow?

From: Hugh Mc Gauran <hugh.mcgauran () skynet ie>

confirmed as well on debian woody..

From: "Patrick P. Murphy" <pmurphy () NRAO EDU>

Red Hat 7.1 with man-1.5h1-20 is not vulnerable. Tried 100, 1000, 10000,
100000 with the response "what man page do you want?". At a million, it
barfed "argument list too long".

From: poke <poke () silverlink net>

Ugggghhhh, ignore my last post. Typo in my test case. I got the segfault
on a RH7.0 system as well.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum