[Full-Disclosure] gnu-less Format String Vulnerability

From: Serkan Akpolat <sakpolat@gmx.net>
Date: Wed Aug 18 2004 - 07:26:51 EDT

+-----[ Software ]-----+

Less is a program similar to more, but which allows backward movement in
the file as well as forward movement. Also, less does not have to read
the entire input file before starting, so with large input files it
starts up faster than text editors like vi.
Less uses termcap (or terminfo on some systems), so it can run on a
variety of terminals. There is even limited support for hardcopy terminals.

+-----[ Tested Versions ]-----+

less-382
less-381
less-358

+-----[ Description ]-----+

Format string vulnerability.

+-----[ Vulnerable Code ]-----+
From less-382:

[filename.c] : 787

     public char *
open_altfile(filename, pf, pfd)
     char *filename;
     int *pf;
     void **pfd;
{
     ...................
     if ((lessopen = lgetenv("LESSOPEN")) == NULL
     ...................
     sprintf(cmd, lessopen, filename); <-- Format String Problem Here
     ...................

}
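A defensive rewrite of the template expansion, added here as an example and not code from less: the LESSOPEN value is copied as literal text and only a single %s is substituted with the filename, so conversion specifiers coming from the environment never reach sprintf. The function and buffer names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hardened replacement for `sprintf(cmd, lessopen, filename)`.
 * The template is never used as a format string: it is copied
 * byte by byte, "%s" (exactly once) becomes the filename and "%%"
 * becomes a literal '%'.  Any other '%' sequence, e.g. "%n" or "%x",
 * is rejected.  Returns 0 on success, -1 if the template is rejected
 * or the result would not fit in cmd (including the trailing NUL). */
int build_cmd_safe(char *cmd, size_t cmdsz, const char *lessopen,
                   const char *filename)
{
    size_t out = 0;
    int substituted = 0;

    for (const char *p = lessopen; *p != '\0'; p++) {
        const char *piece;
        size_t len;

        if (*p == '%') {
            if (p[1] == 's' && !substituted) {
                piece = filename;
                len = strlen(filename);
                substituted = 1;
                p++;
            } else if (p[1] == '%') {
                piece = "%";
                len = 1;
                p++;
            } else {
                return -1;          /* unexpected conversion specifier */
            }
        } else {
            piece = p;
            len = 1;
        }
        if (out + len >= cmdsz)      /* leave room for the NUL */
            return -1;
        memcpy(cmd + out, piece, len);
        out += len;
    }
    cmd[out] = '\0';
    return substituted ? 0 : -1;     /* template must name the file once */
}

int main(void)
{
    char cmd[256];
    /* constructed template standing in for getenv("LESSOPEN") */
    const char *lessopen = "|lesspipe.sh %s";
    if (build_cmd_safe(cmd, sizeof cmd, lessopen, "report.txt") == 0)
        printf("cmd: %s\n", cmd);    /* cmd: |lesspipe.sh report.txt */
    return 0;
}
```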

+-----[ Greets ]-------+

Virulent, gorny and all other netricians

+-----------------------+

+-----[ Contact ]-----+

http://deicide.siyahsapka.org

        deicide@siyahsapka.org

+----------------------+

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Wed Aug 18 10:30:13 2004