Gentoo Linux 200306-06: Local Format String Exploit for Man Package
gentoo
June 14, 2003
man v1.5l, and below, contain a format string vulnerability.the vulnerability occurs when man uses an optional catalog file, suppliedby the NLSPATH/LANG environmental variables.
Summary
- - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200306-06 - - ---------------------------------------------------------------------
- - ---------------------------------------------------------------------
from advisory: "man v1.5l, and below, contain a format string vulnerability. the vulnerability occurs when man uses an optional catalog file, supplied by the NLSPATH/LANG environmental variables."
Read the full advisory at http://marc.theaimsgroup.com/?l=bugtraq&m=105474717920585&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running sys-apps/man upgrade to man-1.5l-r5 as follows
emerge sync emerge man emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - - ---------------------------------------------------------------------
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
PACKAGE : man
SUMMARY : format string exploit
DATE : 2003-06-14 16:40 UTC
EXPLOIT : local
VERSIONS AFFECTED : =man-1.5l-r5
CVE :
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!