Message-ID: <41233CFB.1080005@gmx.net>
From: sakpolat at gmx.net (Serkan Akpolat)
Subject: gnu-less Format String Vulnerability

+-----[ Software ]-----+

Less is a program similar to more, but which allows backward movement in
the file as well as forward movement. Also, less does not have to read
the entire input file before starting, so with large input files it 
starts up faster than text editors like vi.
Less uses termcap (or terminfo on some systems), so it can run on a 
variety of terminals. There is even limited support for hardcopy terminals.

+-----[ Tested Versions ]-----+

less-382
less-381
less-358

+-----[ Description ]-----+

Format string vulnerability.


+-----[ Vulnerable Code ]-----+
 From less-382:

[filename.c] : 787

public char *
open_altfile(filename, pf, pfd)
     char *filename;
     int *pf;
     void **pfd;
{
     ...................
     if ((lessopen = lgetenv("LESSOPEN")) == NULL
     ...................
     sprintf(cmd, lessopen, filename); /* <-- Format String Problem Here */
     ...................

}

+-----[ Greets  ]-------+

Virulent, gorny and all other netricians

+-----------------------+

+-----[ Contact ]-----+

http://deicide.siyahsapka.org

        deicide@...ahsapka.org

+----------------------+
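
An added example, not part of the original post and not code from less: one way to guard a call like sprintf(cmd, lessopen, filename), where the format string comes from an environment variable. The function names template_is_safe and build_cmd and the sample templates are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: accept a template only if it has exactly one "%s"
 * and no other conversion; "%%" (a literal percent sign) is allowed. */
int template_is_safe(const char *tmpl)
{
    int count = 0;
    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                     /* character following the '%' */
        if (*p == 's')
            count++;
        else if (*p != '%')      /* %n, %x, %10s, trailing '%': reject */
            return 0;
    }
    return count == 1;
}

/* Hypothetical helper: expand the template into out. Returns 0 on success,
 * -1 if the template is rejected or the result does not fit in outlen. */
int build_cmd(char *out, size_t outlen, const char *tmpl, const char *filename)
{
    if (tmpl == NULL || !template_is_safe(tmpl))
        return -1;
    int n = snprintf(out, outlen, tmpl, filename);   /* bounded, unlike sprintf */
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample templates, standing in for LESSOPEN values. */
    const char *samples[] = { "lesspipe.sh %s", "filter %s %s",
                              "filter %x%x%n %s", "filter", "50%% %s" };
    char cmd[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_cmd(cmd, sizeof cmd, samples[i], "notes.txt");
        printf("%-20s -> %s\n", samples[i], rc == 0 ? cmd : "rejected");
    }
    return 0;
}
```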

