[Full-disclosure] [+] Vulnerability in less version 394 and prior
glopeda.com
glopeda at glopeda.com
Wed Oct 31 04:29:15 GMT 2007
From: glopeda at glopeda.com
Application: less 394 and prior
Type: Format string vulnerability
Priority: Low
There exists a format string bug in the less application present in
most flavors of UNIX. It could be leveraged for privilege escalation
if the calling application is setuid/setgid and does not properly drop
privileges.
Meager demonstration:
$ export LESSOPEN=%s%n
$ less somefile
Segmentation fault
$
See http://www.glopeda.com for more details.
--
Site: http://www.glopeda.com
E-mail: glopeda at glopeda.com
Name: Mitch
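
Added example, not part of the original post and not taken from the less
source: the demonstration above implies that the LESSOPEN value reaches a
printf-style call as the format argument, so a defensive caller can check
that such a template holds exactly one %s and then expand it by hand. The
function names and the "preproc" template are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* 1 if tmpl has exactly one "%s" and no other conversion ("%%" allowed). */
int template_is_safe(const char *tmpl)
{
    int count = 0;
    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                       /* character after '%' */
        if (*p == '%')
            continue;              /* literal percent sign */
        if (*p != 's')
            return 0;              /* %n, %x, %5s, or a trailing '%' */
        count++;
    }
    return count == 1;
}

/* Expand tmpl by hand; the template never reaches a printf-family call.
 * Returns 0 on success, -1 if tmpl is rejected or out is too small. */
int expand_template(char *out, size_t outlen, const char *tmpl, const char *name)
{
    size_t used = 0;
    if (outlen == 0 || !template_is_safe(tmpl))
        return -1;
    for (const char *p = tmpl; *p != '\0'; p++) {
        const char *piece = p;     /* default: copy one literal byte */
        size_t n = 1;
        if (*p == '%' && *++p == 's') {
            piece = name;          /* the single %s becomes the file name */
            n = strlen(name);
        }                          /* "%%": piece still points at one '%' */
        if (n >= outlen - used)
            return -1;             /* keep room for the terminator */
        memcpy(out + used, piece, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char cmd[64];                  /* constructed inputs below */
    printf("%d\n", expand_template(cmd, sizeof cmd, "preproc %s", "somefile"));
    printf("%d\n", expand_template(cmd, sizeof cmd, "%s%n", "somefile"));
    return 0;
}
```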