Bug 152888

Summary: CAN-2005-0086, less segfault
Product: [Retired] Fedora Legacy
Reporter: Dominic Hargreaves <dom>
Component: less
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED CANTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: deisenst, jpdalbec, marc.deslauriers, mattdm, pekkas
Keywords: Reopened, Security
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/beta/show_bug.cgi?id=145527
Whiteboard: LEGACY, rh90, NEEDSWORK
Doc Type: Bug Fix
Last Closed: 2007-04-12 00:33:07 UTC

Description David Lawrence 2005-03-30 23:31:03 UTC
Victor Ashik discovered a heap based buffer overflow in less, caused by a
patch added to the less package in Red Hat Enterprise Linux 3. An attacker
could construct a carefully crafted file that could cause less to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0086
to this issue. Note that this issue only affects the version of less
distributed with Red Hat Enterprise Linux 3.

http://rhn.redhat.com/errata/RHSA-2005-068.html
https://bugzilla.redhat.com/beta/show_bug.cgi?id=145527



------- Additional Comments From marcdeslauriers 2005-02-10 19:09:27 ----

*** Bug 2426 has been marked as a duplicate of this bug. ***



------- Additional Comments From pekkas 2005-02-15 07:52:05 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RHL73 is not affected; this was caused by Red Hat's multibyte support which
went into RHL8 or thereabouts.

Below are the updates packages, with the patch taken from RHEL3.

http://www.netcore.fi/pekkas/linux/less-378-7.1.legacy.src.rpm (RHL9)
http://www.netcore.fi/pekkas/linux/less-378-11.1.1.legacy.src.rpm (FC1)

b9abe7de8558c5405fab44a25367ac78c2eb1d39  less-378-11.1.1.legacy.src.rpm
2de8fb2f8ef4b5bb7ddcda298b6776b6ee27c3ff  less-378-7.1.legacy.i386.rpm
a71fb99e819eed93d07ae924065f6b0ce654e2f3  less-378-7.1.legacy.src.rpm

Binaries are also available for RHL9.

* Tue Feb 15 2005 Pekka Savola <pekkas> 378-7.1.legacy
- -  Fix CAN-2005-0086 (#2404) from RHEL3.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCEjawGHbTkzxSL7QRAvxrAKDWyHEAHd/h88hh7XnJ0DkqJy2EOwCgl97o
xn16beIVByfy6ttyl2ePsZU=
=ju2d
-----END PGP SIGNATURE-----





------- Additional Comments From deisenst 2005-02-22 06:49:45 ----

Hey, Pekka.  The latest FC1 package is "less-382-1.1", of March 2004; .srpm
available at:

http://download.fedoralegacy.org/fedora/1/updates/SRPMS/less-382-1.1.src.rpm

If you will patch that one, I will be happy to QA it.  :-)



------- Additional Comments From pekkas 2005-02-22 20:37:33 ----

I reviewed less 382.  The Japanization patch was removed, so this issue is not
present there.  Apparently FC1 is not affected.



------- Additional Comments From marcdeslauriers 2005-03-05 20:29:48 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did QA on the rh9 package:

a71fb99e819eed93d07ae924065f6b0ce654e2f3  less-378-7.1.legacy.src.rpm

- - Source files match previous version
- - Patch file matches RHEL
- - Spec file changes good

+PUBLISH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCKqNRLMAs/0C4zNoRAjPDAKCqfbhyidmYmnjTX2ulp02xDIMT4QCfQ2mb
DLkxRyDXLS4XWla8oFbdzwc=
=AYHn
-----END PGP SIGNATURE-----




------- Additional Comments From madhatter 2005-03-06 22:47:54 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

08f54de18179fdaf849cd26d0497531426fd9cc6  less-378-7.2.legacy.i386.rpm

installs OK.  less still does what i'd expect it to (lists file pagewise, =
gives linecounts, can buffer STDIN and move forward and back in it).

+VERIFY RH9

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCLBUCePtvKV31zw4RApcNAJ0YOGDNQCg9Of+cPKHTR4KJV4Vu2gCfYDae
FADc6InzKmHzkawnc4HW7pg=
=h2LV
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2005-03-07 03:24:19 ----

Packages were released to updates-testing.





------- Additional Comments From marcdeslauriers 2005-03-07 17:21:47 ----

Packages officially released



------- Additional Comments From jpdalbec 2005-03-11 04:10:00 ----

Already fixed here, but FYI:

05.10.8 CVE: CAN-2005-0086
Platform: Linux
Title: RedHat Linux less Remote Buffer Overflow
Description: less is a utility for viewing files in terminal windows.
It is vulnerable to a remote client-side buffer overflow issue that
may be leveraged by an attacker to execute arbitrary code with the
privileges of the user running the application. RedHat Linux 9.0 i386
is vulnerable to this issue.
Ref: http://www.securityfocus.com/advisories/8209



------- Additional Comments From marcdeslauriers 2005-03-11 15:39:55 ----

The less packages were put back into updates-testing as some people were
experiencing hangs with yum because of it. See the fedora-legacy-list for details.



------- Additional Comments From pekkas 2005-03-13 05:45:31 ----

This is weird because comparing less-378-7.2.legacy.src.rpm to RHEL3
less-378-12.src.rpm shows very few changes; RHEL3 has a trivial Korean language
fix, an autoconf fix to detect libncursesw (I don't have it here), and updates
to curses.{sh,csh} scripts.  Our version has autoconf in requires.

There doesn't seem to be much that could be causing issues.. unless people with
RHEL3 could check whether the Red Hat update borks yum for them or not.



------- Bug moved to this database by dkl 2005-03-30 18:31 -------

This bug previously known as bug 2404 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2404
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.



Comment 1 Matthew Miller 2005-04-12 23:16:37 UTC
Did anything come out of the yum hang issues with this?

Comment 2 Pekka Savola 2005-04-20 18:13:47 UTC
Does anyone use yum with RHEL3?  Does the RHEL3 less update work OK?

Or, does the RHEL3 less update, rebuilt if needed on RHL9 work OK?

Comment 3 David Eisenstein 2006-01-10 20:01:20 UTC
hmmm, I'm wondering if this issue needs revisiting? ...

less-378.7.2.legacy remains in updates-testing.

I'm noticing that less-378-7.2.legacy was built in the "redhat-9-i386" root
of mach, and not the "redhat-9-i386-updates" root.  Therefore, all the packages
were built linking with the original Red Hat Linux 9 libraries and such ...
not the most recently updated RHL9 packages.

Might that make a difference?


Comment 4 Pekka Savola 2006-01-11 04:58:34 UTC
Sure.. it might.  I'd also make a diff of the buildlogs in mach to those built
"normally"..

Comment 5 Red Hat Bugzilla 2007-02-05 19:26:42 UTC
REOPENED status has been deprecated. ASSIGNED with keyword of Reopened is preferred.

Comment 6 David Eisenstein 2007-04-12 00:33:07 UTC
Red Hat Linux and Fedora Core releases <=4 are now completely unmaintained.
These bugs can't be fixed in these versions.  If the issue still persists in
current Fedora Core releases, please reopen.  Thank you, and sorry about this.