Red Hat Bugzilla – Bug 10338
man overflow exploit.
Last modified: 2008-05-01 11:37:55 EDT
A buffer overflow exists in the implementation of the 'man' program
shipped with RedHat Linux, and other LInux vendors. By carefully
crafting a long buffer of machine executable code, and placing it in the
MANPATH environmental variable, it becomes possible for a would be
attacker to gain egid man.
This has been reported and fixed a couple of months ago.
We didn't release an errata package because it is non-critical; at the very
worst, someone getting gid man can present false man pages to users who access
the previously generated man page cache instead of rebuilding the man pages.
*** This bug has been marked as a duplicate of 9892 ***