Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: man (200303-13)
Date: Wed, 19 Mar 2003 16:07:32
Message-Id: 20030318180313.B0F7F5763@mail2.tamperd.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-13
- - ---------------------------------------------------------------------

PACKAGE : man
SUMMARY : arbitrary code execution
DATE : 2003-03-18 18:03 UTC
EXPLOIT : local
VERSIONS AFFECTED : <1.5l
FIXED VERSION : >=1.5l
CVE : CAN-2003-0124

- - ---------------------------------------------------------------------

- From advisory:

"man 1.5l was released today, fixing a bug which results in arbitrary code
execution upon reading a specially formatted man file. The basic problem
is, upon finding a string with a quoting problem, the function my_xsprintf
in util.c will return "unsafe" (rather than returning a string which could
be interpreted by the shell). This return value is passed directly to
system(3) - meaning if there is any program named `unsafe`, it will execute
with the privs of the user."

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104740927915154&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/man upgrade to man-1.5l as follows:

emerge sync
emerge man
emerge clean

- - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+d1+AfT7nyhUpoZMRAoNEAKC6r3Fl0cMaewvVnLPR0GYy+6XqTQCfcil/
dq/EzzvG4HhvhsRan4s8oPY=
=EHNI
-----END PGP SIGNATURE-----
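
The failure mode the quoted advisory describes (an error reported in-band as the string "unsafe", which the caller then treats as a command line), shown beside a NULL-returning form. This is an added C example, not part of the announcement and not man's source code. All function names, the character allow-list and the sample file name are assumptions, and `dispatch` only records what would reach system(3) instead of running it.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical check: only characters that need no shell quoting are accepted. */
static int needs_no_quoting(const char *s) {
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("/._-+", *s))
            return 0;
    return 1;
}

/* Flawed pattern from the advisory: the error value is an ordinary string,
 * so the caller cannot tell it apart from a command line. */
const char *build_cmd_inband(char *buf, size_t n, const char *prog, const char *file) {
    if (!needs_no_quoting(file))
        return "unsafe";
    snprintf(buf, n, "%s %s", prog, file);
    return buf;
}

/* Hardened pattern: failure (bad input or truncation) is NULL, never a string. */
const char *build_cmd_checked(char *buf, size_t n, const char *prog, const char *file) {
    if (!needs_no_quoting(file))
        return NULL;
    int w = snprintf(buf, n, "%s %s", prog, file);
    return (w < 0 || (size_t)w >= n) ? NULL : buf;
}

/* Stand-in for the system(3) call site: reports what would reach the shell
 * instead of running it. Returns 0 if a command would run, -1 if refused. */
int dispatch(const char *cmd, char *seen, size_t n) {
    if (cmd == NULL) { seen[0] = '\0'; return -1; }
    snprintf(seen, n, "%s", cmd);
    return 0;
}

int main(void) {
    char buf[128], seen[128];
    const char *file = "it's.1";   /* constructed file name with a quoting problem */
    int rc = dispatch(build_cmd_inband(buf, sizeof buf, "nroff", file), seen, sizeof seen);
    printf("in-band: rc=%d shell would get \"%s\"\n", rc, seen);
    rc = dispatch(build_cmd_checked(buf, sizeof buf, "nroff", file), seen, sizeof seen);
    printf("checked: rc=%d shell would get \"%s\"\n", rc, seen);
    return 0;
}
```

With the in-band form the call site proceeds with the command `unsafe`, resolved through the user's PATH; with the checked form the call site has a NULL to test and nothing is run.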