https://www.exploit-db.com/exploits/22189
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200302-019

包含在MandrakeLinux打印驱动包中的mtink状态监视器存在缓冲区溢出漏洞。本地用户可以借助超长HOME环境变量执行任意代码。

source: http://www.securityfocus.com/bid/6656/info

mtink is prone to a locally exploitable buffer overflow condition. This is due to insufficient bounds checking of the HOME environment variable.

mtink is reportedly installed setgid 'sys' on Mandrake Linux, so it is possible that this issue may be exploited to execute arbitrary code with elevated privileges. Other distributions may also be affected if mtink is installed or runs with elevated privileges.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/22189.tar.gz

来源:www.idefense.com
链接:http://www.idefense.com/advisory/01.21.03.txt
来源:VULNWATCH
名称:20030121iDEFENSESecurityAdvisory01.21.03:BufferOverflowsinMandrakeLinuxprinter-driversPackage
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
来源:SECTRACK
名称:1005959
链接:http://www.securitytracker.com/id?1005959
来源:BID
名称:6656
链接:http://www.securityfocus.com/bid/6656
来源:MANDRAKE
名称:MDKSA-2003:010
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2003:010