Date: Tue, 30 Oct 2007 23:41:39 -0500
From: fdlist@...italoffense.net
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [+] Vulnerability in less version 394 and prior

$ LESSOPEN=/bin/sh less /dev/null
sh-3.2$

On Tuesday 30 October 2007, glopeda.com wrote:
> There exists a format strings bug in the less application present in
> most flavors of UNIX. It could be leveraged for privilege escalation
> if the calling application is setuid/setgid and does not properly drop
> privileges.
>
> Meager demonstration:
> $ export LESSOPEN=%s%n
> $ less somefile
> Segmentation fault

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
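Both messages turn on a privileged caller handing its environment to less, where LESSOPEN names a command to run. The following is an added example, not code from the thread or from less: a setuid/setgid wrapper that drops privileges and scrubs the pager variables before exec. The function names and the /usr/bin/less path are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Variables less(1) consults that name commands or files to use.
 * LESSOPEN is the one from the thread; the others are documented in less(1). */
static const char *const LESS_VARS[] = {
    "LESSOPEN", "LESSCLOSE", "LESS", "LESSKEY", "LESSEDIT",
    "EDITOR", "VISUAL", "SHELL"
};

/* Remove pager-controlling variables and request less's secure mode.
 * Returns how many variables were set and removed, or -1 on error. */
int scrub_pager_env(void)
{
    int removed = 0;
    for (size_t i = 0; i < sizeof LESS_VARS / sizeof LESS_VARS[0]; i++) {
        if (getenv(LESS_VARS[i]) == NULL)
            continue;
        if (unsetenv(LESS_VARS[i]) != 0)
            return -1;
        removed++;
    }
    /* LESSSECURE=1 is less's documented secure mode (no '!', '|', 'v', ...). */
    return setenv("LESSSECURE", "1", 1) == 0 ? removed : -1;
}

/* Permanently return to the real uid/gid; group first, then verify. */
int drop_privileges(void)
{
    gid_t rgid = getgid();
    uid_t ruid = getuid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    return (getegid() == rgid && geteuid() == ruid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    if (drop_privileges() != 0 || scrub_pager_env() < 0) { perror("harden"); return 1; }
    execl("/usr/bin/less", "less", "--", argv[1], (char *)NULL); /* assumed path */
    perror("execl");
    return 1;
}
```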