Rapid7 Vulnerability & Exploit Database

RHSA-2003:133: Updated man packages fix minor vulnerability


Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: 03/18/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated man packages fix a minor security vulnerability.

The man package includes tools for finding and displaying online documentation. Versions of man before 1.51 have a bug where a malformed man file can cause a program named "unsafe" to be run. To exploit this vulnerability, a local attacker would need to get a victim to run man on a carefully crafted man file, and would need to be able to create a file called "unsafe" in a directory on the victim's default path. Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are vulnerable to this issue. Users of man can upgrade to these erratum packages, which contain a patch to correct this vulnerability. These erratum packages also contain fixes for a number of other bugs.
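
The preconditions described above (a file named "unsafe" reachable through the victim's path) can be audited on a host. The shell function below is an added example, not part of the Red Hat erratum or the database entry; the name `audit_unsafe_path` and its output labels are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): audit a PATH string for the preconditions
# described in this advisory. The function name and output labels are hypothetical.
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_unsafe_path() {
    path_to_check=${1-$PATH}
    findings=0

    # Split on ':' without globbing, then restore the shell's settings.
    old_ifs=$IFS; IFS=:; set -f
    set -- $path_to_check
    set +f; IFS=$old_ifs

    for dir in "$@"; do
        # Empty or relative entries resolve against the current directory,
        # so whoever controls that directory controls the lookup.
        case $dir in
            /*) ;;
            *)  echo "relative-entry:${dir:-(empty)}"; findings=1
                [ -n "$dir" ] || dir=. ;;
        esac
        [ -d "$dir" ] || continue

        # Anything named "unsafe" on the search path deserves a look.
        if [ -e "$dir/unsafe" ] || [ -L "$dir/unsafe" ]; then
            echo "unsafe-present:$dir/unsafe"; findings=1
        fi

        # Group- or world-writable directories let other local users add files.
        perms=$(ls -ldL "$dir" 2>/dev/null | cut -c1-10)
        case $perms in
            ?????w*|????????w*) echo "writable-dir:$dir"; findings=1 ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Audit the current user's PATH when run as a script.
audit_unsafe_path "$PATH" || echo "findings above need review" >&2
```

A clean result does not replace the package upgrade; it only shows that the second precondition is not currently met for the PATH that was checked.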

Solution(s)

  • redhat-upgrade-man
