Vulnerabilities > CVE-2001-0193

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
debian
suse
nessus
exploit available

Summary

Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

Vulnerable Configurations

Part Description Count
OS
Debian
6
OS
Suse
3

Exploit-Db

descriptionDebian 2.2,S.u.S.E 6.3/6.4/7.0 man -l Format String Vulnerability. CVE-2001-0193. Local exploit for linux platform
idEDB-ID:20604
last seen2016-02-02
modified2001-01-31
published2001-01-31
reporterIhaQueR
sourcehttps://www.exploit-db.com/download/20604/
titleDebian 2.2, S.u.S.E 6.3/6.4/7.0 - man -l Format String Vulnerability

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-028.NASL
descriptionStyx has reported that the program `man
last seen2020-06-01
modified2020-06-02
plugin id14865
published2004-09-29
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14865
titleDebian DSA-028-1 : man-db - format string vulnerability
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-028. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(14865);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  script_cve_id("CVE-2001-0193");
  script_xref(name:"DSA", value:"028");

  script_name(english:"Debian DSA-028-1 : man-db - format string vulnerability");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Styx has reported that the program `man' mistakenly passes malicious
strings (i.e. containing format characters) through routines that were
not meant to use them as format strings. Since this could cause a
segmentation fault and privileges were not dropped it may lead to an
exploit for the 'man' user."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2001/dsa-028"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the man-db package immediately."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:man-db");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2001/02/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"2.2", prefix:"man-db", reference:"2.3.16-1.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");