aru Posted May 6, 2003 Report Share Posted May 6, 2003 MandrakeSoft Security Advisory MDKSA-2003:054 : man May 6th, 2003 Updated man packages fix vulnerability A difficult to exploit vulnerability was discovered in versions of man prior to 1.5l. A bug exists in man that could cause a program named "unsafe" to be executed due to a malformed man file. In order to exploit this bug, a local attacker would have to be able to get another user to read the malformed man file, and the attacker would also have to create a file called "unsafe" that would be located somewhere in the victim's path. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 8.2/PPC [*] 9.0 [*] 9.1 [*] 9.1/PPC [*] Multi Network Firewall 8.2 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:054 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0124 http://marc.theaimsgroup.com/?l=bugtraq&m=...40927915154&w=2 Posted automatically by aru (mdksec2mub v0.0.5) Link to comment Share on other sites More sharing options...
Recommended Posts