Re: Re: man package / SuSe format string vulnerabilities
![](https://seccdn.libravatar.org/avatar/7e621538676658a7a3be62cf574cea5c.jpg?s=120&d=mm&r=g)
confirmed on debian 2.2r2... tracing in source of man-db-2.3.16 (man-db-2.3.17 [latest I guess] same
Hi2all
In SuSe 7.0 is the same ...
# man -l %x%x%x%x
man: 4001ee6cbffff8d40bffff8d0: No such file or directory
[ ]'s bacano
----- Original Message -----
From: "syzop"
-- [src/man.c:752]: if (!display ((cwd[0]?cwd:NULL), argv, NULL,
basename(argv))) {
if ( local_mf ) error (0, errno, argv);
<----- HERE
exit_status = NOT_FOUND; }
-- [lib/error.c:80] error (int status, int errnum, const char *message, ...) -- [lib/error.c:102 (editted)] VA_START (args, message); vfprintf (stderr, message, args); --
Auch :)
Cya
Syzop.
Joao Gouveia wrote:
Hi there,
I'm sorry if this is a known issue, but i didn't find nothing related to format strings in this man package. Example follows: <quote> jroberto@spike:~ > cat /etc/issue
Welcome to SuSE Linux 6.3 (i386) - Kernel \r (\l).
jroberto@spike:~ > man -l %x%x%x%x man: 0bffff8600bffff85c: No such file or directory jroberto@spike:~ > man -V man, version 2.3.10, db 2.3.1, July 12th, 1995
(G.Wilford@ee.surrey.ac.uk)
</quote>
AFAIK, suse 7.0 also ships with this 'man'. Can anyone confirm this?
Best regards,
Joao Gouveia -------------- tharbad@kaotik.org
participants (1)
-
bacano