[ SOURCE: http://www.secureroot.com/security/advisories/9809703175.html ]

Hi,



This issue has been discussed in vuln-dev (2001-01-26), see:

http://www.securityfocus.com/templates/archive.pike?end=2001-01-27&tid=15872

4&fromthread=0&start=2001-01-21&threads=1&list=82&



Posted also on suse security list, and aparently overlooked.



The man package that ships with SuSe Linux ( at least versions 6.1 throught

7.0 ) has a format string vulnerability. Also debian 2.2r2 ( at least ), is

confirmed to have the same problem.



<quote>

jroberto@spike:~ > man -l %x%x%x%x

man: 4000bc7438049af00: No such file or directory

</quote>



Regards,



Joao Gouveia

------------

tharbad@kaotik.org