Bugtraq mailing list archives

Re: RH7.0: man local gid 15 (man) exploit

From: Olaf Kirch <okir () caldera de>
Date: Mon, 14 May 2001 12:40:59 +0200

On Sun, May 13, 2001 at 08:07:34PM -0000, zenith parsec wrote:

========================================================
Vulnerable systems: redhat 7.0 with man-1.5h1-10 (default
package) and earlier.
=========================================================
Heap Based Overflow of man via -S option gives GID man.



Caldera OpenLinux is not vulnerable to this problem. Our man-1.5 package
comes with a patch that forks off a "cache manager" thread that puts
formatted pages into /var/catman, while the man application itself
continues in the foreground without any privilege.

Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.

Current thread:

Re: RH7.0: man local gid 15 (man) exploit Olaf Kirch (May 15)
- <Possible follow-ups>
- Re: RH7.0: man local gid 15 (man) exploit solar (May 15)
- Re: RH7.0: man local gid 15 (man) exploit Colin Watson (May 16)
- Re: RH7.0: man local gid 15 (man) exploit aleph1 (May 16)
- Re: RH7.0: man local gid 15 (man) exploit Stephen Shirley (May 16)
  - Re: RH7.0: man local gid 15 (man) exploit PJ (May 17)