Full Disclosure mailing list archives
Re: [+] Vulnerability in less version 394 and prior
From: fdlist () digitaloffense net
Date: Tue, 30 Oct 2007 23:41:39 -0500
$ LESSOPEN=/bin/sh less /dev/null
sh-3.2$

On Tuesday 30 October 2007, glopeda.com wrote:
> There exists a format strings bug in the less application present in most flavors of UNIX. It could be leveraged for privilege escalation if the calling application is setuid/setgid and does not properly drop privileges.
>
> Meager demonstration:
>
> $ export LESSOPEN=%s%n
> $ less somefile
> Segmentation fault
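Added example, not code from this thread or from the less project: one way a setuid/setgid program can meet the condition named in the quoted report before it starts less, by dropping privileges permanently and unsetting the LESSOPEN/LESSCLOSE hook variables that less would otherwise take from the caller's environment. The helper names `scrub_pager_env`, `drop_privileges` and `page_file` are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Variables less reads for its input pre/post-processor commands. */
static const char *const PAGER_HOOKS[] = { "LESSOPEN", "LESSCLOSE" };

/* Unset the hook variables. Returns how many were set, or -1 on error. */
int scrub_pager_env(void)
{
    int removed = 0;
    for (size_t i = 0; i < sizeof PAGER_HOOKS / sizeof PAGER_HOOKS[0]; i++) {
        if (getenv(PAGER_HOOKS[i]) != NULL)
            removed++;
        if (unsetenv(PAGER_HOOKS[i]) != 0)
            return -1;
    }
    return removed;
}

/* Permanently give up setuid/setgid privilege: group first, then user
 * (on Linux, setre*id with both arguments also resets the saved ID),
 * then confirm the old effective IDs cannot be restored. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    if (ruid != 0) {   /* root could always switch back, so skip the probe */
        if (old_egid != rgid && setegid(old_egid) == 0)
            return -1;
        if (old_euid != ruid && seteuid(old_euid) == 0)
            return -1;
    }
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Hypothetical helper: show `path` in less as the invoking user. */
int page_file(const char *path)
{
    if (drop_privileges() != 0 || scrub_pager_env() < 0)
        return -1;                       /* fail closed: never exec */
    execlp("less", "less", "--", path, (char *)NULL);
    return -1;                           /* only reached if exec failed */
}
```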