[Full-Disclosure] GLSA: man (200303-13)

From: Daniel Ahlberg (aliz@gentoo.org)
Date: 03/18/03

  • Next message: Juraj Bednar: "[Full-Disclosure] ptrace exploit workaround" 
    From: Daniel Ahlberg <aliz@gentoo.org>
To: full-disclosure@lists.netsys.com
Date: Tue, 18 Mar 2003 19:03:54 +0100

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - ---------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200303-13
    - - ---------------------------------------------------------------------

              PACKAGE : man
              SUMMARY : arbitrary code execution
                 DATE : 2003-03-18 18:03 UTC
              EXPLOIT : local
    VERSIONS AFFECTED : <1.5l
        FIXED VERSION : >=1.5l
                  CVE : CAN-2003-0124

    - - ---------------------------------------------------------------------

    - From advisory:

    "man 1.5l was released today, fixing a bug which results in arbitrary code
    execution upon reading a specially formatted man file. The basic problem
    is, upon finding a string with a quoting problem, the function my_xsprintf
    in util.c will return "unsafe" (rather than returning a string which could
    be interpreted by the shell). This return value is passed directly to
    system(3) - meaning if there is any program named `unsafe`, it will execute
    with the privs of the user."

    Read the full advisory at:
    http://marc.theaimsgroup.com/?l=bugtraq&m=104740927915154&w=2

    SOLUTION

    It is recommended that all Gentoo Linux users who are running
    sys-apps/man upgrade to man-1.5l as follows:

    emerge sync
    emerge man
    emerge clean

    - - ---------------------------------------------------------------------
    aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
    - - ---------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+d1+AfT7nyhUpoZMRAoNEAKC6r3Fl0cMaewvVnLPR0GYy+6XqTQCfcil/
    dq/EzzvG4HhvhsRan4s8oPY=
    =EHNI
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Juraj Bednar: "[Full-Disclosure] ptrace exploit workaround"

    Relevant Pages

    • [Full-Disclosure] GLSA: netscape-flash (200303-9)
      ... GENTOO LINUX SECURITY ANNOUNCEMENT 200303-9 ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge netscape-flash ...
      (Full-Disclosure)
    • GLSA: rxvt (200303-16)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge sync ...
      (Bugtraq)
    • GLSA: eterm (200303-1)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge -u eterm ...
      (Bugtraq)
    • GLSA: vte (200303-2)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge -u vte ...
      (Bugtraq)
    • [Full-Disclosure] GLSA: snort (200303-6)
      ... arbitrary code on a Snort sensor with the privileges of the Snort IDS ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge -u snort ...
      (Full-Disclosure)
    Loading