
Linux man -l Format String Vulnerability

by platon on February 3rd, 2001

man is the manual page viewing program, included in most variations of the UNIX Operating System. It is freely distributed and openly maintained...


A problem with the man command may allow elevation of privileges. Because of the way man handles format strings, a local user may be able to pass format strings to the command, which could result in overwriting memory and variables, including the return address on the stack. On some distributions of the Linux operating system, man is installed as an SUID root binary. A malicious user with local access may therefore be able to execute arbitrary code on the stack and potentially gain elevated privileges, including administrative access.


This vulnerability was announced to Bugtraq by Joao Gouveia <[email protected]> on January 31, 2001.
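The class of bug described above, shown as an added C example that is not taken from man's source: a message helper receives user-controlled text as its format string, next to the corrected call that passes the text as data. The function names and the sample file name are hypothetical and constructed for illustration; the input uses only `%%`, which consumes no arguments.

```c
/* Added illustration, not code from man; all names are hypothetical. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* printf-style message helper of the kind command-line tools often carry. */
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: the user-supplied name is used as the format string. */
int report_unsafe(char *out, size_t n, const char *name)
{
    return report(out, n, name);
}

/* Hardened pattern: constant format, user data passed only as an argument. */
int report_safe(char *out, size_t n, const char *name)
{
    return report(out, n, "%s", name);
}

/* Audit helper: count directives in untrusted text that would consume arguments. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }  /* "%%" is a literal percent sign */
        count++;                             /* conversion, or a stray trailing '%' */
    }
    return count;
}

int main(void)
{
    char a[64], b[64];
    const char *name = "report-100%%.1";     /* constructed, harmless input */
    report_unsafe(a, sizeof a, name);        /* format parser rewrites the name */
    report_safe(b, sizeof b, name);          /* name is copied through unchanged */
    printf("unsafe: %s\nsafe:   %s\nconversions: %d\n", a, b, count_conversions(name));
    return 0;
}
```

The differing output shows that the unsafe call lets the input drive the format parser. Compiling with `-Wformat -Wformat-security` flags the direct form of this mistake, `printf(name)`.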

