Bug 42474 (CVE-2003-0645)

Summary: VUL-0: CVE-2003-0645: mandb overflow
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Dr. Werner Fink <werner>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: krahmer, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: mandb SL 8.2 exploit
a patch :)

Description Sebastian Krahmer 2003-06-23 17:57:25 UTC 
Local attackers can gain UID man. Simple
overflow on the stack via sprintf().
Comment 1 Sebastian Krahmer 2003-06-23 17:57:25 UTC 
<!-- SBZ_reproduce  -->
Special entries in .manpath are needed.
Comment 2 Sebastian Krahmer 2003-06-23 20:09:07 UTC 
Created attachment 12954 [details]
mandb SL 8.2 exploit
Comment 3 Sebastian Krahmer 2003-06-23 20:10:36 UTC 
Created attachment 12955 [details]
a patch :)
Comment 4 Dr. Werner Fink 2003-07-09 20:23:54 UTC 
OK ... beside that the patch doesn't fit for 7.2, 7.0-s390, 7.0-server
and I had to create an other solution, the stuff is at /work/src/done/
Comment 5 Thomas Biege 2003-08-06 17:15:30 UTC 
<!-- SBZ_reopen -->Reopened by thomas@suse.de at Wed Aug  6 11:15:30 2003, took initial reporter krahmer@suse.de to cc
Comment 6 Thomas Biege 2003-08-06 17:15:30 UTC 
Hm, I looked at /work/src/done and at the autobuild stats and cant find 
anything about man. 
Is it fixed? Or is it lost?
Comment 7 Thomas Biege 2003-08-06 17:17:26 UTC 
BTW, the following two links provide more info: 
http://www.securityfocus.com/archive/1/330907 
http://www.securityfocus.com/archive/1/331126
Comment 8 Dr. Werner Fink 2003-08-06 17:38:26 UTC 
Already checked in!
Comment 9 Dr. Werner Fink 2003-08-06 20:58:30 UTC 
Sorry but this bug IS fixed and I HAVE checked in the
appropiate packages together with ALL needed putonftp
and patchinfo files:

/suse/werner> find /work/SRC/old-versions/ -name man.changes | xargs grep 27474
/work/SRC/old-versions/7.2/all/man/man.changes:- Security fix (bug 42474)
/work/SRC/old-versions/7.3/all/man/man.changes:- Security fix (bug 42474)
/work/SRC/old-versions/8.0/all/man/man.changes:- Security fix (bug 42474)
/work/SRC/old-versions/8.1/UL/all/man/man.changes:- Security fix (bug 42474)
/work/SRC/old-versions/8.2/all/man/man.changes:- Security fix (bug 42474)
/work/SRC/old-versions/7.0-s390/all/man/man.changes:- Security fix (bug 42474)