Bugtraq mailing list archives
Re: RH7.0: man local gid 15 (man) exploit
From: Olaf Kirch <okir () caldera de>
Date: Mon, 14 May 2001 12:40:59 +0200
On Sun, May 13, 2001 at 08:07:34PM -0000, zenith parsec wrote:
> ========================================================
> Vulnerable systems: redhat 7.0 with man-1.5h1-10 (default package) and earlier.
> =========================================================
> Heap Based Overflow of man via -S option gives GID man.

Caldera OpenLinux is not vulnerable to this problem. Our man-1.5 package
comes with a patch that forks off a "cache manager" thread that puts
formatted pages into /var/catman, while the man application itself
continues in the foreground without any privilege.

Olaf
--
Olaf Kirch           |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de   +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.
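
The privilege split described in the message above, sketched as an added C example that is not Caldera's patch and not code from this thread: a forked helper keeps the privileged group and only writes the cache file, while the foreground process drops that group before handling any input. The function names, the pipe hand-off and the `cache_path` parameter are assumptions made for illustration.

```c
#define _GNU_SOURCE /* for setresgid() */
#include <fcntl.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Foreground side: permanently give up the setgid group. */
static int drop_gid(void)
{
    gid_t real = getgid(), old_eff = getegid();
    if (setresgid(real, real, real) != 0)
        return -1;
    /* The old group must not be recoverable (a root caller fails this check). */
    if (old_eff != real && setegid(old_eff) == 0)
        return -1;
    return getegid() == real ? 0 : -1;
}

/* Helper side: keeps the privileged gid, only copies pipe bytes into the cache. */
static void cache_manager(int rfd, const char *path)
{
    char buf[4096];
    ssize_t n;
    int out = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644), bad = out < 0;
    /* Keep draining on error so the foreground never takes SIGPIPE. */
    while ((n = read(rfd, buf, sizeof buf)) > 0)
        if (!bad && write(out, buf, (size_t)n) != n)
            bad = 1;
    _exit(n == 0 && !bad ? 0 : 1);
}

/* Returns 0 once the helper has cached the page; cache_path is a demo parameter. */
int show_page(const char *cache_path, const char *page)
{
    int fds[2], status;
    size_t len = strlen(page);
    pid_t pid;
    if (pipe(fds) != 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) { /* child: the only process that stays privileged */
        close(fds[1]);
        cache_manager(fds[0], cache_path);
    }
    close(fds[0]);
    /* Drop first; option parsing and formatting then run with no extra privilege. */
    int ok = drop_gid() == 0 && write(fds[1], page, len) == (ssize_t)len;
    close(fds[1]);
    ok = waitpid(pid, &status, 0) == pid && WIFEXITED(status) && ok;
    return ok && WEXITSTATUS(status) == 0 ? 0 : -1;
}
```

The helper still receives its bytes from the unprivileged side, so whatever it does with them beyond a plain copy has to treat them as untrusted.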