CVE-2003-0124

Published: 18/03/2003 Updated: 10/10/2017
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

man prior to 1.5l allows malicious users to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe", which is then executed as a program via a system call if it is in the search path of the user who runs man.

Vulnerable Product

andries brouwer man 1.5h1

andries brouwer man 1.5i

andries brouwer man 1.5i2

andries brouwer man 1.5j

andries brouwer man 1.5k

Exploits

source: www.securityfocus.com/bid/7066/info

It has been reported that the man program does not properly handle some types of input. When a man page is processed that could pose a potential security risk, the program reacts in a way that may open a window of opportunity for an attacker to execute arbitrary commands.

$ cat innocent1 so "" ...