Mandrake Linux Security Advisory : man (MDKSA-2003:054)
Medium Nessus Plugin ID 14038
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA difficult to exploit vulnerability was discovered in versions of man prior to 1.5l. A bug exists in man that could cause a program named 'unsafe' to be executed due to a malformed man file. In order to exploit this bug, a local attacker would have to be able to get another user to read the malformed man file, and the attacker would also have to create a file called 'unsafe' that would be located somewhere in the victim's path.
SolutionUpdate the affected man package.