Bugtraq mailing list archives

Re: SuSe / Debian man package format string vulnerability
From: Roman Drahtmueller <draht () SUSE DE>
Date: Wed, 31 Jan 2001 20:43:55 +0100


This issue has been discussed in vuln-dev (2001-01-26), see:

Posted also on suse security list, and apparently overlooked.

Yes, it was overread on suse-security () suse com, the discussion list.
SuSE's security contact is security () suse de 

There is no guarantee that all of the interesting postings on
suse-security () suse com can be read. :-(

The man package that ships with SuSE Linux (at least versions 6.1 through
7.0) has a format string vulnerability. Also Debian 2.2r2 (at least) is
confirmed to have the same problem.

We'll fix it. As soon as we can.

Thanks for the note.

jroberto () spike:~ > man -l %x%x%x%x
man: 4000bc7438049af00: No such file or directory


Joao Gouveia
tharbad () kaotik org

 -                                                                      -
| Roman Drahtmüller       <draht () suse de> //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany      +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -
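
The bug class behind the `man -l %x%x%x%x` transcript above, as an added C example that is not part of the original thread and is not man's source code: a message containing the caller-supplied file name is used as the format string, next to the corrected call. The function names and the message layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical error reporters; names and layout are assumptions, not man's source. */

/* -Wformat-security flags the call in report_unsafe; silenced so the "before" form builds. */
#pragma GCC diagnostic ignored "-Wformat-security"

/* Before: the message holding the caller-supplied name is passed as the
 * format string, so any % directive in the name gets interpreted. */
int report_unsafe(char *out, size_t n, const char *name)
{
    char msg[256];
    snprintf(msg, sizeof msg, "man: %s: No such file or directory", name);
    return snprintf(out, n, msg);            /* BUG: data used as format */
}

/* After: the format is a constant and the name is only ever an argument. */
int report_safe(char *out, size_t n, const char *name)
{
    return snprintf(out, n, "man: %s: No such file or directory", name);
}

int main(void)
{
    char buf[256];
    const char *hostile = "%x%x%x%x";        /* constructed input, as in the post */

    report_safe(buf, sizeof buf, hostile);
    printf("safe:   %s\n", buf);             /* name is echoed verbatim */

    report_unsafe(buf, sizeof buf, hostile); /* undefined behaviour: no arguments
                                                exist for the four %x directives */
    printf("unsafe: %s\n", buf);             /* typically hex words, not the name */
    return 0;
}
```

Building with `-Wformat -Wformat-security` and without the pragma makes the compiler report the `report_unsafe` call, which is a cheap way to audit a code base for this pattern.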
