Package: less
Version: 382-2
Severity: grave
Tags: security patch

less is vulnerable to a heap-based buffer overflow that can be triggered by viewing certain binary files. This is theoretically exploitable by providing a user with such a file and waiting for him to run less on it.

The problem was discovered by Red Hat and involves the expand_linebuf function neglecting to expand the size of the charset buffer when it expands the other buffers. Details in their BTS, including a test case and a patch:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527

I tried to exploit it on Debian but failed to see the crash; however, this could be due to setup differences from Red Hat. The code seems to be the same.

Please use CAN-2005-0086 when referring to this security hole.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages less depends on:
ii  debianutils  2.11.2        Miscellaneous utilities specific t
ii  libc6        2.3.2.ds1-20  GNU C Library: Shared libraries an
ii  libncurses5  5.4-4         Shared libraries for terminal hand

-- no debconf information

-- 
see shy jo
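
The flaw class described in the report above, as an added example that is not part of the original report and is not code from less or from the Red Hat patch. It is a simplified model: struct line, its fields, and the functions expand_buggy, expand_fixed and consistent_after_expand are hypothetical names, and it compares a grow routine that skips the charset buffer with one that resizes all parallel buffers together.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model (assumption, not less's source): three parallel
 * per-character buffers that callers index with one shared capacity. */
struct line {
    char *text, *attr, *charset;
    size_t cap;          /* capacity the indexing code trusts */
    size_t charset_cap;  /* real size of charset, kept for the audit */
};

/* Flawed pattern from the report: charset is left at its old size. */
static int expand_buggy(struct line *l)
{
    size_t n = l->cap * 2;
    char *t = realloc(l->text, n);
    if (!t) return -1;
    l->text = t;
    char *a = realloc(l->attr, n);
    if (!a) return -1;
    l->attr = a;
    l->cap = n;          /* charset_cap is now smaller than cap */
    return 0;
}

/* Hardened pattern: allocate all three first, then commit together. */
static int expand_fixed(struct line *l)
{
    if (l->cap > SIZE_MAX / 2) return -1;        /* doubling would wrap */
    size_t n = l->cap * 2;
    char *t = calloc(1, n), *a = calloc(1, n), *c = calloc(1, n);
    if (!t || !a || !c) { free(t); free(a); free(c); return -1; }
    memcpy(t, l->text, l->cap); memcpy(a, l->attr, l->cap);
    memcpy(c, l->charset, l->charset_cap);
    free(l->text); free(l->attr); free(l->charset);
    l->text = t; l->attr = a; l->charset = c;
    l->cap = l->charset_cap = n;
    return 0;
}

/* Returns 1 if every buffer covers cap after one expansion, else 0. */
int consistent_after_expand(int use_fix)
{
    struct line l = { calloc(1, 16), calloc(1, 16), calloc(1, 16), 16, 16 };
    if (!l.text || !l.attr || !l.charset) { free(l.text); free(l.attr); free(l.charset); return -1; }
    int rc = use_fix ? expand_fixed(&l) : expand_buggy(&l);
    int ok = rc == 0 && l.charset_cap >= l.cap;
    free(l.text); free(l.attr); free(l.charset);
    return ok;
}
int main(void) { return consistent_after_expand(1) == 1 ? 0 : 1; }
```

The model only compares capacities and never writes past a buffer; building real code with AddressSanitizer is the usual way to catch the out-of-bounds write itself.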