mailing list archives
SuSe / Debian man package format string vulnerability
From: Joao Gouveia <tharbad () kaotik org>
Date: Wed, 31 Jan 2001 14:22:01 -0000
This issue has been discussed in vuln-dev (2001-01-26), see:
Posted also on suse security list, and aparently overlooked.
The man package that ships with SuSe Linux ( at least versions 6.1 throught
7.0 ) has a format string vulnerability. Also debian 2.2r2 ( at least ), is
confirmed to have the same problem.
jroberto () spike:~ > man -l %x%x%x%x
man: 4000bc7438049af00: No such file or directory
tharbad () kaotik org
- SuSe / Debian man package format string vulnerability Joao Gouveia (Jan 31)