Full Disclosure mailing list archives
gnu-less Format String Vulnerability
From: Serkan Akpolat <sakpolat () gmx net>
Date: Wed, 18 Aug 2004 14:26:51 +0300
+-----[ Software ]-----+

Less is a program similar to more, but which allows backward movement in the file as well as forward movement. Also, less does not have to read the entire input file before starting, so with large input files it starts up faster than text editors like vi. Less uses termcap (or terminfo on some systems), so it can run on a variety of terminals. There is even limited support for hardcopy terminals.

+-----[ Tested Versions ]-----+

less-382
less-381
less-358

+-----[ Description ]-----+

Format string vulnerability.

+-----[ Vulnerable Code ]-----+

From less-382:

[filename.c] : 787
public char *
open_altfile(filename, pf, pfd)
        char *filename;
        int *pf;
        void **pfd;
{
        ...................
        if ((lessopen = lgetenv("LESSOPEN")) == NULL
        ...................
        sprintf(cmd, lessopen, filename);   <-- Format String Problem Here
        ...................
}

+-----[ Greets ]-------+

Virulent, gorny and all other netricians

+-----------------------+

+-----[ Contact ]-----+

http://deicide.siyahsapka.org
deicide () siyahsapka org

+----------------------+

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
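
The following is an added example, not part of the original post and not code from less: one way to guard a call like the sprintf above when the format template comes from the environment. It assumes the template is meant to carry exactly one "%s" for the filename; the function names template_is_safe and build_command and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 only if tmpl contains exactly one conversion and it is a plain
 * "%s"; "%%" is accepted as a literal percent sign. Any other directive
 * (%n, %x, width/precision, a second %s, a trailing lone '%') is rejected. */
static int template_is_safe(const char *tmpl)
{
    int seen_s = 0;
    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                        /* inspect the conversion character */
        if (*p == '%')
            continue;               /* literal percent */
        if (*p == 's' && !seen_s) {
            seen_s = 1;
            continue;
        }
        return 0;                   /* anything else, including end of string */
    }
    return seen_s;
}

/* Expand tmpl into out (capacity outlen). Returns 0 on success, -1 if the
 * template is rejected or the expanded command would not fit in out. */
static int build_command(char *out, size_t outlen,
                         const char *tmpl, const char *filename)
{
    if (tmpl == NULL || filename == NULL || !template_is_safe(tmpl))
        return -1;
    int n = snprintf(out, outlen, tmpl, filename);   /* bounded, unlike sprintf */
    if (n < 0 || (size_t)n >= outlen)
        return -1;                  /* encoding error or truncation */
    return 0;
}

int main(void)
{
    /* Constructed sample templates, standing in for a LESSOPEN value. */
    const char *samples[] = { "preproc %s", "100%% %s", "%s %s", "%x%x%n", "none" };
    char cmd[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_command(cmd, sizeof cmd, samples[i], "file.txt");
        printf("%-12s -> %s\n", samples[i], rc == 0 ? cmd : "(rejected)");
    }
    return 0;
}
```

The check covers only the format directives and the output length; quoting of the filename for the shell that later runs the command is a separate concern.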