Bug 65159 (CVE-2005-0086) - VUL-0: CVE-2005-0086: less: heap-based overflow
Status: RESOLVED INVALID
Alias: CVE-2005-0086
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Petr Mladek
QA Contact: Security Team bot
Whiteboard: CVE-2005-0086: CVSS v2 Base Score: 7....
Reported: 2005-01-25 19:01 UTC by Thomas Biege
Modified: 2021-10-27 15:41 UTC

Description Thomas Biege 2005-01-25 19:01:18 UTC
Hi, 
we received the following through vendor-sec. 
 
From: Josh Bressers <bressers@redhat.com> 
To: vendor-sec@lst.de 
User-Agent: Mutt/1.4.1i 
Subject: [vendor-sec] Issue with older versions of less 
Errors-To: vendor-sec-admin@lst.de 
Date: Mon, 24 Jan 2005 13:39:29 -0500 
 
I don't know exactly which version of less this issue affects, but I 
figured I'd throw it out here for anyone affected. 
 
This was reported to our bugzilla 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527 
 
Basically, if you view a malicious file with less, it causes a heap buffer 
overflow. 
 
-- 
    JB 
_______________________________________________ 
 
From: Josh Bressers <bressers@redhat.com> 
To: Steve Kemp <skx@debian.org> 
Cc: vendor-sec@lst.de 
Subject: Re: [vendor-sec] Issue with older versions of less 
User-Agent: Mutt/1.4.1i 
Errors-To: vendor-sec-admin@lst.de 
Date: Mon, 24 Jan 2005 15:51:46 -0500 
 
On Mon, Jan 24, 2005 at 06:46:23PM +0000, Steve Kemp wrote: 
> On Mon, Jan 24, 2005 at 01:39:29PM -0500, Josh Bressers wrote: 
> > I don't know exactly which version of less this issue affects, but I 
> > figured I'd throw it out here for anyone affected. 
> 
>   Debian's Woody release is vulnerable, with version 3.74. 
> 
> > This was reported to our bugzilla 
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527 
> 
>   So this is public now?  Is there a CAN ID? 
 
CAN-2005-0086 covers this issue.  It should be considered public as anyone
who looks in the Red Hat bugzilla can see the bug.
 
-- 
    JB 
_______________________________________________ 
 
From: Solar Designer <solar@openwall.com> 
To: Josh Bressers <bressers@redhat.com> 
Cc: vendor-sec@lst.de 
Subject: Re: [vendor-sec] Issue with older versions of less 
User-Agent: Mutt/1.4.2.1i 
Errors-To: vendor-sec-admin@lst.de 
Date: Mon, 24 Jan 2005 21:55:48 +0300 
 
Josh, 
 
Thanks.  FWIW, this does not appear to affect less-358.  It does not 
crash with the testcase, not even when I set a UTF-8 locale, and the 
source code lacks context touched by the proposed patch. 
 
-- 
/sd 
 
On Mon, Jan 24, 2005 at 01:39:29PM -0500, Josh Bressers wrote: 
> I don't know exactly which version of less this issue affects, but I 
> figured I'd throw it out here for anyone affected. 
> 
> This was reported to our bugzilla 
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527 
> 
> Basically, if you view a malicious file with less, it causes a heap buffer 
> overflow. 
> 
> -- 
>     JB 
_______________________________________________ 
 
From: "Jacques A. Vidrine" <nectar@FreeBSD.org> 
To: Solar Designer <solar@openwall.com> 
Cc: Josh Bressers <bressers@redhat.com>, vendor-sec@lst.de 
Subject: Re: [vendor-sec] Issue with older versions of less 
User-Agent: Mutt/1.5.6i 
Errors-To: vendor-sec-admin@lst.de 
Date: Mon, 24 Jan 2005 13:35:31 -0600 
 
On Mon, Jan 24, 2005 at 09:55:48PM +0300, Solar Designer wrote: 
> Josh, 
> 
> Thanks.  FWIW, this does not appear to affect less-358.  It does not 
> crash with the testcase, not even when I set a UTF-8 locale, and the 
> source code lacks context touched by the proposed patch. 
 
FreeBSD 4.x ships with less-358.  FreeBSD 5.x ships with less-381. 
Neither of these appears to be vulnerable:  the test case does not 
cause a segfault, and the code does not contain a `charset' buffer. 
 
Hmm, the bug report mentions less-378-11.  Is there some 3rd-party 
patch applied to the RedHat less, perhaps for better i18n support? 
 
Cheers, 
-- 
Jacques A Vidrine / NTT/Verio 
nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org 
_______________________________________________
Comment 2 Petr Mladek 2005-01-25 21:46:20 UTC
I am going to investigate if our packages are affected.
Comment 3 Petr Mladek 2005-01-25 23:58:20 UTC
Our less is not affected! I have checked all package sources from SL 8.1
to STABLE and everything looks fine.

The vulnerability is related to the iso254.patch but we use a fixed version of
the patch. Our patch already includes the code that fixes the bug
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527
Finally, our less does not crash with the sample file attached to the same Red
Hat bug.

So, I'll close this bug as INVALID.
Comment 4 Thomas Biege 2005-01-26 00:15:15 UTC
Great, thanks. 
Comment 5 Thomas Biege 2009-10-13 21:00:22 UTC
CVE-2005-0086: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)