CVE-2003-0124
CVE-2003-0124
man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/22344unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620http://marc.info/?l=bugtraq&m=104740927915154&w=2http://marc.info/?l=bugtraq&m=104802285112752&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/11512http://www.redhat.com/support/errata/RHSA-2003-133.htmlhttp://www.redhat.com/support/errata/RHSA-2003-134.htmlhttp://www.securityfocus.com/bid/7066