Published: 18/03/2003 Updated: 10/10/2017
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

man prior to 1.5l allows malicious users to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

andries brouwer man 1.5h1

andries brouwer man 1.5i

andries brouwer man 1.5i2

andries brouwer man 1.5j

andries brouwer man 1.5k


source: wwwsecurityfocuscom/bid/7066/info It has been reported that the man program does not properly handle some types of input When a man page is processed that could pose a potential security risk, the program reacts in a way that may open a window of opportunity for an attacker to execute arbitrary commands $ cat innocent1 so "" ...