GNU less file heap buffer overflow
| less-file-bo (19131) |  High Risk |
Description:
GNU less is vulnerable to a heap-based buffer overflow. By creating a specially-crafted file, a local attacker could overflow a buffer and possibly execute arbitrary code or cause the system to crash, once the file is opened.
Consequences:
Gain Access
Remedy:
For Red Hat Linux:
Upgrade to the latest version of less, as listed below. Refer to RHSA-2005:068-11 for more information. See References.
Red Hat Enterprise Linux AS, ES, WS (v.3), and Red Hat Desktop 3: 378-12 or later
References:
- BID-12753: RedHat Linux Less Remote Buffer Overflow Vulnerability
- CVE-2005-0086: Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale.
- RHSA-2005-068: less security update
Platforms Affected:
- RedHat Enterprise Linux 3 Desktop
- RedHat Enterprise Linux 3 WS
- RedHat Enterprise Linux 3 ES
- RedHat Enterprise Linux 3 AS
Reported:
Jan 26, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net