[Full-disclosure] [+] Vulnerability in less version 394 and prior
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [+] Vulnerability in less version 394 and prior
- From: "glopeda.com" <glopeda@xxxxxxxxxxx>
- Date: Wed, 31 Oct 2007 00:29:15 -0400

From: glopeda@xxxxxxxxxxx
Application: less 394 and prior
Type: Format strings vulnerability
Priority: Low

There exists a format strings bug in the less application present in
most flavors of UNIX. It could be leveraged for privilege escalation
if the calling application is setuid/setgid and does not properly drop
privileges.

Meager demonstration:

    $ export LESSOPEN=%s%n
    $ less somefile
    Segmentation fault
    $

See http://www.glopeda.com for more details.
--
Site: http://www.glopeda.com
E-mail: glopeda@xxxxxxxxxxx
Name: Mitch
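
An added example, not part of the original post and not code from less: one way a program can expand an environment-supplied template such as LESSOPEN without ever handing it to a printf-family function. The function name expand_template and the sample templates in main are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Expand tmpl into out, substituting filename for the single "%s".
 * "%%" yields a literal '%'. Any other conversion (%n, %x, %5s, a
 * trailing '%'), zero or several "%s", or a result that does not fit
 * is rejected. The filename is copied as-is (no shell quoting).
 * Returns 0 on success, -1 on rejection. */
int expand_template(char *out, size_t outlen,
                    const char *tmpl, const char *filename)
{
    size_t used = 0, flen = strlen(filename);
    int seen_s = 0;

    if (outlen == 0)
        return -1;
    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p != '%') {                    /* ordinary character */
            if (used + 1 >= outlen) return -1;
            out[used++] = *p;
            continue;
        }
        p++;                                /* conversion character */
        if (*p == '%') {
            if (used + 1 >= outlen) return -1;
            out[used++] = '%';
        } else if (*p == 's' && !seen_s) {
            if (flen >= outlen - used) return -1;
            memcpy(out + used, filename, flen);
            used += flen;
            seen_s = 1;
        } else {
            return -1;                      /* includes %n and a lone '%' */
        }
    }
    if (!seen_s)
        return -1;
    out[used] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample templates; the second is the one from the post. */
    const char *samples[] = { "|lesspipe %s", "%s%n" };
    char cmd[128];
    for (size_t i = 0; i < 2; i++)
        printf("%-14s -> %s\n", samples[i],
               expand_template(cmd, sizeof cmd, samples[i], "somefile") ? "rejected" : cmd);
    return 0;
}
```

A setuid/setgid caller that spawns a pager can additionally remove LESSOPEN from the environment before the exec.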