Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2264

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2004-2264
Last Modified 05 Sep 2008 04:43:39
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2264

Summary

** DISPUTED ** Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed.

Vulnerable Systems

Application

  • Gnu Less 358

  • Gnu Less 381

  • Gnu Less 382


References

XF - less-filename-format-string(17032)

OSVDB - 9014

SECTRACK - 1010988

FULLDISC - 20040818 Re: gnu-less Format String Vulnerability

FULLDISC - 20040818 gnu-less Format String Vulnerability


Last Updated: 27 May 2016 10:39:24