Re: SuSe / Debian man package format string vulnerability

[Mate Wierdl]

On Sun, Feb 04, 2001 at 01:48:34AM +0100, Robert van der Meulen wrote:
> I don't know about Suse/Redhat/others.

On RH 7.0 and 6.2 it does not seem to matter as far as the
vulnerability is concerned since

$ man -l %x%x%x%x 2>&1  |head -1
man: invalid option -- l

on both systems.

Also,

$ ls -l `which man`
-rwxr-sr-x    1 root     man         34800 Jun 30  2000 /usr/bin/man


---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis