Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Troff dangerous.
From: smb () RESEARCH ATT COM (Steven M. Bellovin)
Date: Mon, 26 Jul 1999 15:28:39 -0400

In message <199907251418.KAA05569 () loverso southborough ma us>, John Robert LoVe
rso writes:

This isn't a problem with "troff" or any of it's varients.  Instead,
this is an exploit purely with "groff", the GNU reimplementation.  Troff
doesn't have the file stream or ".pso" requests; those are purely part
of groff.

Thus, this affects only systems with groff installed (all Linux and FreeBSD
systems, at least).

John


Umm, not quite.  My 1976 (no, that's not a typo) nroff/troff manual has
.pi -- pipe output to program; .sy is also ancient, and probably there since
at least since 1977.  My 1981 addendum also lists .! as another way to do
shell escapes.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]