Re: RH7.0: man local gid 15 (man) exploit

From: Olaf Kirch (okirat_private)
Date: Mon May 14 2001 - 03:40:59 PDT

Next message: Santi Claus: "iPlanet Web Server 4.1 SP 4-7 Product Alert"

Previous message: Casper Dik: "Re: Solaris /usr/bin/mailx exploit (SPARC)"
In reply to: zenith parsec: "RH7.0: man local gid 15 (man) exploit"
Next in thread: Sylwester : "Re: RH7.0: man local gid 15 (man) exploit [UNCONFIRMED]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, May 13, 2001 at 08:07:34PM -0000, zenith parsec wrote:
> ========================================================
> Vulnerable systems: redhat 7.0 with man-1.5h1-10 (default
> package) and earlier.
> =========================================================
> Heap Based Overflow of man via -S option gives GID man.


Caldera OpenLinux is not vulnerable to this problem. Our man-1.5 package
comes with a patch that forks off a "cache manager" thread that puts
formatted pages into /var/catman, while the man application itself
continues in the foreground without any privilege.

Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okirat_private  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okirat_private    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.

Next message: Santi Claus: "iPlanet Web Server 4.1 SP 4-7 Product Alert"
Previous message: Casper Dik: "Re: Solaris /usr/bin/mailx exploit (SPARC)"
In reply to: zenith parsec: "RH7.0: man local gid 15 (man) exploit"
Next in thread: Sylwester : "Re: RH7.0: man local gid 15 (man) exploit [UNCONFIRMED]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 15 2001 - 00:51:46 PDT