Re: SuSe / Debian man package format string vulnerability

[Robert van der Meulen]

Hi,

Quoting StyX ([EMAIL PROTECTED]):
> styx@SuxOS-devel:~$ man -l %n%n%n%n
> man: Segmentation fault
> styx@SuxOS-devel:~$
>
> This was on my Debian 2.2 potato system (It doesn't dump core though).
Just for the record:
on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
this doesn't impose a security problem.
I don't know about Suse/Redhat/others.

Greets,
        Robert

--
                                Linux Generation