GNU less filename.c Remote Format String

2004-08-18T07:36:18
ID OSVDB:9014
Type osvdb
Reporter Serkan Akpolat(sakpolat@gmx.net)
Modified 2004-08-18T07:36:18

Description

Vulnerability Description

The GNU less utility has been reported to contain a remotely exploitable format string condition. According to the report, the LESSOPEN environment in filename.c may allow an attacker to execute arbitrary commands remotely. Further examination revealed this is not the case.

Solution Description

The vulnerability reported is incorrect. No solution required.

Short Description

The GNU less utility has been reported to contain a remotely exploitable format string condition. According to the report, the LESSOPEN environment in filename.c may allow an attacker to execute arbitrary commands remotely. Further examination revealed this is not the case.

References:

Vendor URL: http://www.gnu.org/software/less/less.html Security Tracker: 1010988 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0794.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0811.html ISS X-Force ID: 17032 CVE-2004-2264