4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
A buffer overflow has been discovered in the man command that could
allow an attacker to execute code as the man user by providing
specially crafted arguments to the -H flag. This is likely to be an
issue only on machines with the man and mandb programs installed
setuid.
For the stable distribution (sarge), this problem has been fixed in
version 2.4.2-21sarge1.
For the upcoming stable distribution (etch) and the unstable
distribution (sid), this problem has been fixed in version 2.4.3-5.
We recommend that you upgrade your man-db package.