CVE-2003-0124

Man Program 1.5 - Unsafe Return Value Command Execution

  • Severity Score: 4.6 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2003-03-11 First Exploit
  • 2003-03-12 CVE Reserved
  • 2003-03-18 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor           Product  Version  Other  Status
Andries Brouwer  Man      1.5h1    -      Affected
Andries Brouwer  Man      1.5i     -      Affected
Andries Brouwer  Man      1.5i2    -      Affected
Andries Brouwer  Man      1.5j     -      Affected
Andries Brouwer  Man      1.5k     -      Affected