Full Disclosure mailing list archives

[+] Vulnerability in less version 394 and prior

From: glopeda.com <glopeda () glopeda com>
Date: Wed, 31 Oct 2007 00:29:15 -0400

From: glopeda () glopeda com
Application: less 394 and prior
Type: Format strings vulnerability
Priority: Low

There exists a format strings bug in the less application present in
most flavors of UNIX.  It could be leveraged for privilege escalation
if the calling application is setuid/setgid and does not properly drop
privileges.

Meager demonstration:
$ export LESSOPEN=%s%n
$ less somefile
Segmentation fault
$

See http://www.glopeda.com for more details.

-- 
Site: http://www.glopeda.com
E-mail: glopeda () glopeda com
Name: Mitch

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[+] Vulnerability in less version 394 and prior glopeda . com (Oct 30)
- Re: [+] Vulnerability in less version 394 and prior fdlist (Oct 30)
- Re: [+] Vulnerability in less version 394 and prior Jonathan Smith (Oct 30)
- Message not available
  - Re: [+] Vulnerability in less version 394 and prior Jeffrey Denton (Oct 31)
    - Re: [+] Vulnerability in less version 394 and prior glopeda . com (Oct 31)