Linux各种分派缓冲区溢出漏洞

漏洞ID	1106344	漏洞类型	缓冲区溢出
发布时间	2001-05-13	更新时间	2006-09-15
CVE编号	CVE-2001-0641	CNNVD-ID	CNNVD-200109-068
漏洞平台	Linux	CVSS评分	4.6

|漏洞来源

https://www.exploit-db.com/exploits/20843
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200109-068

|漏洞详情

Linux的各种分派的man程序存在缓冲区溢出漏洞。本地用户可以和组员一样借助超长-S选项执行任意代码。

|漏洞EXP

source: http://www.securityfocus.com/bid/2711/info

A heap overflow vulnerability exists in the 'man' system manual pager program.

The vulnerability exists due to a length check error when the -S option is given. As a result, it may be possible for a local user to execute arbitrary code with group 'man' privileges. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20843.tar.gz

|参考资料

来源:XF
名称:man-s-bo(6530)
链接:http://xforce.iss.net/static/6530.php
来源:BID
名称:2711
链接:http://www.securityfocus.com/bid/2711
来源:REDHAT
名称:RHSA-2001:069
链接:http://www.redhat.com/support/errata/RHSA-2001-069.html
来源:BUGTRAQ
名称:20010513RH7.0:/usr/bin/manexploit:gidman+more
链接:http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html
来源:BUGTRAQ
名称:20010612man1.5h10+man1.5i-4exploits
链接:http://www.securityfocus.com/archive/1/190136
来源:SUSE
名称:SuSE-SA:2001:019
链接:http://www.novell.com/linux/security/advisories/2001_019_man_txt.html

Linux各种分派缓冲区溢出漏洞

|漏洞来源

|漏洞详情

|漏洞EXP

|参考资料

检索漏洞

相关漏洞