Man Command -H Flag Local Buffer Overflow Vulnerability
BID:23355
Info
Man Command -H Flag Local Buffer Overflow Vulnerability
| Bugtraq ID: | 23355 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-4250 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 06 2007 12:00AM |
| Updated: | Mar 19 2015 08:32AM |
| Credit: | Debian disclosed this issue. |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 9 SP3 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 9 SuSE SUSE Linux Enterprise SDK 10 SuSE Suse Linux Enterprise Desktop 10 SuSE Linux Openexchange Server SuSE Linux Desktop 1.0 SuSE Linux Desktop 10 SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc SuSE Linux 10.0 x86-64 SuSE Linux 10.0 x86 SuSE Linux 10.0 ppc S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. SUSE CORE 9 for x86 S.u.S.E. openSUSE 10.2 S.u.S.E. Office Server S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Office Server S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Database Server 0 S.u.S.E. Linux Connectivity Server Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
Man Command -H Flag Local Buffer Overflow Vulnerability
The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.
NOTE: Presumably, this issue is exploitable only when 'man' has been installed setuid.
Exploiting this issue allows attackers to execute malicious machine code with the privileges of the 'man' utility. This can result in the compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.
NOTE: Presumably, this issue is exploitable only when 'man' has been installed setuid.
Exploiting this issue allows attackers to execute malicious machine code with the privileges of the 'man' utility. This can result in the compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
Exploit / POC
Man Command -H Flag Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Man Command -H Flag Local Buffer Overflow Vulnerability
Solution:
Fixes have been released to address this issue. Please see the references for more information.
Solution:
Fixes have been released to address this issue. Please see the references for more information.
References
Man Command -H Flag Local Buffer Overflow Vulnerability
References:
References: