[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [+] Vulnerability in less version 394 and prior
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] [+] Vulnerability in less version 394 and prior
- From: fdlist@xxxxxxxxxxxxxxxxxx
- Date: Tue, 30 Oct 2007 23:41:39 -0500
$ LESSOPEN=/bin/sh less /dev/null
sh-3.2$
On Tuesday 30 October 2007, glopeda.com wrote:
> There exists a format strings bug in the less application present in
> most flavors of UNIX. It could be leveraged for privilege escalation
> if the calling application is setuid/setgid and does not properly drop
> privileges.
>
> Meager demonstration:
> $ export LESSOPEN=%s%n
> $ less somefile
> Segmentation fault
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/