Bug 42474 (CVE-2003-0645) - VUL-0: CVE-2003-0645: mandb overflow
Summary: VUL-0: CVE-2003-0645: mandb overflow
Status: RESOLVED FIXED
Alias: CVE-2003-0645
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium; Severity: Major
Target Milestone: ---
Assignee: Dr. Werner Fink
QA Contact: Security Team bot
Reported: 2003-06-23 17:57 UTC by Thomas Biege
Modified: 2021-10-11 14:03 UTC

Attachments
mandb SL 8.2 exploit (1.76 KB, application/octet-stream)
2003-06-23 20:09 UTC, Sebastian Krahmer
a patch :) (1.79 KB, patch)
2003-06-23 20:10 UTC, Sebastian Krahmer

Description Sebastian Krahmer 2003-06-23 17:57:25 UTC
Local attackers can gain UID man. Simple
overflow on the stack via sprintf().
Comment 1 Sebastian Krahmer 2003-06-23 17:57:25 UTC
Special entries in .manpath are needed.
Comment 2 Sebastian Krahmer 2003-06-23 20:09:07 UTC
Created attachment 12954
mandb SL 8.2 exploit
Comment 3 Sebastian Krahmer 2003-06-23 20:10:36 UTC
Created attachment 12955
a patch :)
Comment 4 Dr. Werner Fink 2003-07-09 20:23:54 UTC
OK ... besides that the patch doesn't fit for 7.2, 7.0-s390, 7.0-server
and I had to create another solution, the stuff is at /work/src/done/
Comment 5 Thomas Biege 2003-08-06 17:15:30 UTC
Reopened by thomas@suse.de at Wed Aug  6 11:15:30 2003, took initial reporter krahmer@suse.de to cc
Comment 6 Thomas Biege 2003-08-06 17:15:30 UTC
Hm, I looked at /work/src/done and at the autobuild stats and can't find
anything about man.
Is it fixed? Or is it lost?
Comment 7 Thomas Biege 2003-08-06 17:17:26 UTC
BTW, the following two links provide more info: 
http://www.securityfocus.com/archive/1/330907 
http://www.securityfocus.com/archive/1/331126 
Comment 8 Dr. Werner Fink 2003-08-06 17:38:26 UTC
Already checked in!
Comment 9 Dr. Werner Fink 2003-08-06 20:58:30 UTC
Sorry but this bug IS fixed and I HAVE checked in the
appropriate packages together with ALL needed putonftp
and patchinfo files:

/suse/werner> find /work/SRC/old-versions/ -name man.changes | xargs grep 27474
/work/SRC/old-versions/7.2/all/man/man.changes:- Security fix (bug 42474)
/work/SRC/old-versions/7.3/all/man/man.changes:- Security fix (bug 42474)
/work/SRC/old-versions/8.0/all/man/man.changes:- Security fix (bug 42474)
/work/SRC/old-versions/8.1/UL/all/man/man.changes:- Security fix (bug 42474)
/work/SRC/old-versions/8.2/all/man/man.changes:- Security fix (bug 42474)
/work/SRC/old-versions/7.0-s390/all/man/man.changes:- Security fix (bug 42474)