Description
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.
Statement
The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | less | Not affected | | |
Red Hat Enterprise Linux 6 | less | Out of support scope | | |
Red Hat Enterprise Linux 7 | less | Fixed | RHSA-2024:3669 | 06.06.2024 |
Red Hat Enterprise Linux 8 | less | Fixed | RHSA-2024:4256 | 02.07.2024 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | less | Fixed | RHSA-2024:4366 | 08.07.2024 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | less | Fixed | RHSA-2024:4416 | 09.07.2024 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | less | Fixed | RHSA-2024:4416 | 09.07.2024 |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | less | Fixed | RHSA-2024:4416 | 09.07.2024 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | less | Fixed | RHSA-2024:4418 | 09.07.2024 |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | less | Fixed | RHSA-2024:4418 | 09.07.2024 |
Additional information
CVSS3: 8.6 High