Re: SuSe / Debian man package format string vulnerability

[John]

On my Debian 2.2 system 'man' was installed
suid root. I don't know about Debian 2.3 but,
Debian 2.2 does install 'man' suid root.

Robert van der Meulen wrote:
>
> Hi,
>
> Quoting StyX ([EMAIL PROTECTED]):
> > styx@SuxOS-devel:~$ man -l %n%n%n%n
> > man: Segmentation fault
> > styx@SuxOS-devel:~$
> >
> > This was on my Debian 2.2 potato system (It doesn't dump core though).
> Just for the record:
> on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
> this doesn't impose a security problem.
> I don't know about Suse/Redhat/others.
>
> Greets,
>         Robert
>
> --
>                                 Linux Generation