CVE-2003-0124

man - Remote Code Execution via Malformed Man File with Improper Quotes

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0124. PoCs published by Jack Lloyd.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in the man program (CVE-2003-0124) by leveraging improper handling of the .so directive in man pages. An attacker can craft a malicious man page that executes arbitrary commands when processed.

Description

man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jack Lloyd · textlocallinux

https://www.exploit-db.com/exploits/22344

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in the man program (CVE-2003-0124) by leveraging improper handling of the .so directive in man pages. An attacker can craft a malicious man page that executes arbitrary commands when processed.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: man (version not specified, likely older versions)

No auth needed

Prerequisites: Ability to create or modify man pages on the target system

MITRE ATT&CK