makewhatis in the man package prior to 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wolfram schneider makewhatis |