[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : SuSe / Debian man package format string vulnerability

Title: SuSe / Debian man package format string vulnerability
Released by: Joao Gouveia
Date: 31st January 2001
Printable version: Click here
Hi,



This issue has been discussed in vuln-dev (2001-01-26), see:

http://www.securityfocus.com/templates/archive.pike?end=2001-01-27&tid=15872

4&fromthread=0&start=2001-01-21&threads=1&list=82&



Posted also on suse security list, and aparently overlooked.



The man package that ships with SuSe Linux ( at least versions 6.1 throught

7.0 ) has a format string vulnerability. Also debian 2.2r2 ( at least ), is

confirmed to have the same problem.





jroberto@spike:~ > man -l %x%x%x%x

man: 4000bc7438049af00: No such file or directory





Regards,



Joao Gouveia

------------

tharbad@kaotik.org








(C) 1999-2000 All rights reserved.