Bugtraq mailing list archives
Re: SuSe / Debian man package format string vulnerability
From: Roman Drahtmueller <draht () SUSE DE>
Date: Wed, 31 Jan 2001 20:43:55 +0100
> Hi,
>
> This issue has been discussed in vuln-dev (2001-01-26), see:
> http://www.securityfocus.com/templates/archive.pike?end=2001-01-27&tid=15872 4&fromthread=0&start=2001-01-21&threads=1&list=82&
>
> Posted also on suse security list, and apparently overlooked.
Yes, it was overread on suse-security () suse com, the discussion list. SuSE's security contact is security () suse de. There is no guarantee that all of the interesting postings on suse-security () suse com can be read. :-(
> The man package that ships with SuSe Linux (at least versions 6.1 through 7.0) has a format string vulnerability. Also Debian 2.2r2 (at least) is confirmed to have the same problem.
We'll fix it. As soon as we can. Thanks for the note.
> <quote>
> jroberto@spike:~ > man -l %x%x%x%x
> man: 4000bc7438049af00: No such file or directory
> </quote>
>
> Regards,
>
> Joao Gouveia
> ------------
> tharbad () kaotik org
Roman.
-- 
| Roman Drahtmüller <draht () suse de> //   "Caution: Cape does
| SuSE GmbH - Security          Phone: //    not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label)
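
The bug class behind the `man -l %x%x%x%x` transcript quoted above, as an added example that is not part of the original posts and is not man's source code. The helper names `report`, `open_failed_unsafe` and `open_failed_safe` are hypothetical, and the constructed input `a%%b` is used so the difference between the two forms shows up with fully defined behaviour.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char out[512];   /* last rendered message (example only) */

/* Hypothetical printf-style error helper: the first argument is a FORMAT.
 * In real code, declare it with __attribute__((format(printf, 1, 2))) so
 * that -Wformat-security flags the unsafe call below at compile time. */
static const char *report(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, sizeof out, fmt, ap);
    va_end(ap);
    return out;
}

/* Vulnerable pattern: the message is assembled first, then handed to the
 * helper as its format string, so any '%' in the file name is parsed as a
 * conversion directive. */
const char *open_failed_unsafe(const char *name)
{
    char msg[256];
    snprintf(msg, sizeof msg, "man: %s: %s", name, strerror(ENOENT));
    return report(msg);              /* user text becomes the format */
}

/* Hardened form: the format is a constant and the file name is only ever
 * passed as data for a %s conversion. */
const char *open_failed_safe(const char *name)
{
    return report("man: %s: %s", name, strerror(ENOENT));
}

int main(void)
{
    const char *name = "a%%b";       /* constructed sample file name */
    printf("unsafe: %s\n", open_failed_unsafe(name));  /* "%%" collapses to "%" */
    printf("safe:   %s\n", open_failed_safe(name));    /* printed literally */
    return 0;
}
```

With the hardened form, a name such as `%x%x%x%x` comes back unchanged in the error message instead of being expanded.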
Current thread:
- SuSe / Debian man package format string vulnerability Joao Gouveia (Jan 31)
- Re: SuSe / Debian man package format string vulnerability Roman Drahtmueller (Jan 31)