COMMAND

    man/catman

SYSTEMS AFFECTED

    SunOS 4.1.4 and 4.1.3_U1, Solaris 2.3, 2.4, 2.5, 2.5.1, 2.6, 7

PROBLEM

    Following is based  on  Sun Microsystems  Security Bulletin.   The
    man command displays information from the reference manuals.   The
    catman  utility  creates  preformatted  versions  of  the  on-line
    manuals.  Vulnerabilities have been discovered with these commands
    that may  be exploited  to overwrite  arbitrary files  when man or
    catman  is  executed  by  root.   It  sounds  like man #1 in Linux
    section.

SOLUTION

    Sun recommends that you install the respective patches immediately
    on affected systems:

	Operating System     Patch ID
	_________________   _________
	Solaris 7           107038-01
	Solaris 7_x86       107039-01
	Solaris 2.6         106123-04
	Solaris 2.6_x86     106124-04
	Solaris 2.5.1       106905-01
	Solaris 2.5.1_x86   106906-01
	Solaris 2.5         106907-01
	Solaris 2.5_x86     106908-01
	Solaris 2.4         106912-01
	Solaris 2.4_x86     106962-01
	Solaris 2.3         106911-01
	SunOS   4.1.4       107157-01
			    107144-01
	SunOS   4.1.3_U1    107156-01
			    107143-01