Vulnerability Development mailing list archives
man -K input validation
From: "Rasta C. Shell" <rasta () RSHELL ORG>
Date: Tue, 20 Feb 2001 16:53:40 +0200
I don't know if this will be of any interest since I don't think it can give you man uid/gid, but while looking at the man source code to see what's seg-faulting the -K <longbuff> (didn't find anything, maybe it's the grep that faults?) I noticed that the -K <input> line is not being validated before calling system, so a:

    man -K "';`/usr/bin/id`"

will run /usr/bin/id by man for you. Luckily there's a setuid/gid call before system.

--
http://www.rshell.org
Join #shellcode on EFnet.
rasta () rshell org
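The pattern reported in the message above, next to two ways to close it, as an added example that is not part of the original post and is not taken from the man source. The double-quoted grep template, the file name, and the function names `build_unsafe`, `shell_quote` and `grep_noshell` are assumptions made for illustration.

```c
/* Added example; not taken from the man source. The grep template and all
 * function names here are assumptions made for illustration. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* The pattern the post describes: the -K argument is pasted into a command
 * line that system() would hand to /bin/sh, so backticks in it are
 * interpreted by the shell. Only builds the string; nothing is executed. */
int build_unsafe(char *out, size_t n, const char *key, const char *file)
{
    return snprintf(out, n, "grep \"%s\" %s", key, file);
}

/* Mitigation 1: quote for POSIX sh. Wrap in single quotes and rewrite each
 * embedded ' as '\'' so the shell sees one literal word.
 * Returns 0 on success, -1 if out is too small. */
int shell_quote(char *out, size_t n, const char *in)
{
    size_t o = 0;
    if (n < 3) return -1;
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (o + need + 2 > n) return -1;      /* room for closing ' and NUL */
        if (*in == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = *in;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Mitigation 2 (preferred): no shell at all. The key travels as a single
 * argv element; "-e" and "--" keep grep from reading it as an option.
 * Returns the child's exit status, or -1 on failure. */
int grep_noshell(const char *key, const char *file)
{
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("grep", "grep", "-q", "-e", key, "--", file, (char *)NULL);
        _exit(127);                           /* exec failed */
    }
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
```

Quoting is the smaller change to code that already calls system(); passing the key as its own argv element removes the shell parsing step entirely.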