Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Roman Drahtmueller (drahtSUSE.DE)
Date: Mon Feb 05 2001 - 16:17:28 CST
> > styxSuxOS-devel:~$ man -l %n%n%n%n
> > man: Segmentation fault
> > styxSuxOS-devel:~$
> > This was on my Debian 2.2 potato system (It doesn't dump core though).
> Just for the record:
> on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
> this doesn't impose a security problem.
> I don't know about Suse/Redhat/others.
SuSE ships the /usr/bin/man command suid man.
After exploiting the man command format string vulnerability, the attacker
can then replace the /usr/bin/man binary with an own program - since the
man command is supposed to be used frequently (especially for administrators),
this imposes a rather high security risk, which deserves some due respect.
We'll provide update packages shortly.
-- - - | Roman Drahtmüller <drahtsuse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -