
SANS ISC: InfoSec Handlers Diary Blog - Less is, umm, less? InfoSec Handlers Diary Blog



Less is, umm, less?

Published: 2014-11-25
Last Updated: 2014-11-25 21:31:04 UTC
by Adrien de Beaupre (Version: 1)
2 comment(s)

Following vulnerabilities discovered in tools that many Linux and Information Security enthusiasts use, such as the 'strings' command and the bash shell, a new series of issues has been discovered in the 'less' command. Less is used to paginate output, and can be used to view the text contents of a file one page at a time. It can also receive data from a pipe. Examples: 'less myfile.txt' and 'xxd mybinfile | less'. One of the most attractive features of less is that you can move forwards and backwards through the output. It would not be unusual to use less to view files downloaded from the Internet, for example. The problem is that less on some versions of Linux runs a lesspipe script that invokes other utilities to actually view the contents of the files. Many of these utilities should not be used to view files from an untrusted source. So local arbitrary code execution is possible if less is run on a malformed file. Back to using more?
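One way to check whether less on a given system hands files to a helper, and to view untrusted files without it (an added example, not part of the original diary). It relies on less's documented LESSOPEN and LESSCLOSE environment variables and its -L (--no-lessopen) option, none of which the diary names; the function names and the sample LESSOPEN values are made up for illustration.

```shell
#!/bin/sh
# Added example: audit and bypass the less input preprocessor.
# less finds the preprocessor (lesspipe on many distributions) through the
# LESSOPEN and LESSCLOSE environment variables.

# Print each preprocessor hook that is set.
# Exit status 0: a hook is set, so less will run a helper on every file.
# Exit status 1: no hook is set.
lessopen_audit() {
    status=1
    if [ -n "${LESSOPEN-}" ]; then
        printf 'LESSOPEN=%s\n' "$LESSOPEN"
        status=0
    fi
    if [ -n "${LESSCLOSE-}" ]; then
        printf 'LESSCLOSE=%s\n' "$LESSCLOSE"
        status=0
    fi
    return "$status"
}

# Extract the helper program from a LESSOPEN value such as
# "| /usr/bin/lesspipe %s" or "||- /usr/bin/lesspipe.sh %s"
# (constructed sample values): drop the leading pipe/dash markers,
# then keep the first word.
lessopen_helper() {
    printf '%s\n' "$1" |
        sed -e 's/^[|-]*[[:space:]]*//' -e 's/[[:space:]].*$//'
}

# View untrusted files with the preprocessor disabled: the hooks are
# removed inside a subshell only, and -L (--no-lessopen) tells less to
# ignore LESSOPEN even if something sets it again.
view_untrusted() {
    ( unset LESSOPEN LESSCLOSE; less -L -- "$@" )
}

# Report the current state when the file is run or sourced.
lessopen_audit || echo 'no less input preprocessor configured'
```

Source the file from a shell profile and call `view_untrusted downloaded.bin` in place of `less downloaded.bin` for anything fetched from the Internet.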

References:
http://seclists.org/fulldisclosure/2014/Nov/74
http://linuxcommand.org/man_pages/less1.html

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

 

 

 
