Bugtraq mailing list archives

Re: man bugs might lead to root compromise (RH 6.1 and other boxes)

From: hdm () SECUREAUSTIN COM (H D Moore)
Date: Mon, 28 Feb 2000 05:54:26 -0600


I tried PAGERas well as every other environment variable I could tell it
read, no luck.  The PAGER just gives me "AAAAAAAAA" ... "AA: Command not
found."

-HD

Michal Zalewski wrote:


On Sun, 27 Feb 2000, H D Moore wrote:

Hi,

I could not reproduce this on a SuSE 6.2 system running:

man, version 2.3.10, db 2.3.1, July 12th, 1995
(G.Wilford () ee surrey ac uk)

My copy is setgid man and I also subjected it to 4,8, and 20 kb buffers
in every envrionment variable it uses without it flinching.


Try setting PAGER instead of MANPAGER - older man version used it.

_______________________________________________________
Michal Zalewski * [lcamtuf () ags pl] <=> [AGS WAN SYSADM]
[dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
[+48 22 551 45 93] [+48 603 110 160] bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

Current thread:

Advisory: Foundry Networks ServerIron TCP/IP sequence predictability, (continued)
- - - Advisory: Foundry Networks ServerIron TCP/IP sequence predictability Andrew van der Stock (Feb 27)
  - Zonealarm exports sensitive data Andrew Daviel (Feb 24)
    - Re: Zonealarm exports sensitive data Brett Glass (Feb 25)
    - Re: Zonealarm exports sensitive data Robert Graham (Feb 28)
  - Re: Wordpad vulnerability, exploitable also in IE for Win9x Curtis Anderson, CNE, MCSE (Feb 25)
  - Troj_Trinoo and ZZ Simple Nomad (Feb 25)
    - man bugs might lead to root compromise (RH 6.1 and other boxes) Michal Zalewski (Feb 26)
    - Re: man bugs might lead to root compromise (RH 6.1 and other boxes) Mark Whitis (Feb 27)
    - Re: man bugs might lead to root compromise (RH 6.1 and other boxes) H D Moore (Feb 27)
    - Re: man bugs might lead to root compromise (RH 6.1 and other boxes) Michal Zalewski (Feb 28)
    - Re: man bugs might lead to root compromise (RH 6.1 and other boxes) H D Moore (Feb 28)
    - DOS in TrendMicro OfficeScan Veille Technologique (Feb 28)
    - TrendMicro OfficeScan tmlisten.exe DoS Jeff Stevens (Feb 25)
    - Re: Troj_Trinoo and ZZ Simple Nomad (Feb 26)
- Pragma Systems response to USSRLabs report Ussr Labs (Feb 23)
- Re: Wordpad vulnerability, exploitable also in IE for Win9x Pauli Ojanpera (Feb 23)
- Re: Wordpad vulnerability, exploitable also in IE for Win9x Charles Skoglund (Feb 23)
- Re: Wordpad vulnerability, exploitable also in IE for Win9x Sanford Whiteman (Feb 24)