Bug 2274980 (CVE-2024-32487) - CVE-2024-32487 less: OS command injection
Summary: CVE-2024-32487 less: OS command injection
Keywords:
Status: NEW
Alias: CVE-2024-32487
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2274981
Blocks: 2274983
TreeView+ depends on / blocked
 
Reported: 2024-04-14 14:03 UTC by ybuenos
Modified: 2024-07-22 11:27 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:3517 0 None None None 2024-05-30 17:43:05 UTC
Red Hat Product Errata RHBA-2024:3541 0 None None None 2024-06-03 01:15:36 UTC
Red Hat Product Errata RHBA-2024:3592 0 None None None 2024-06-04 13:34:23 UTC
Red Hat Product Errata RHBA-2024:3630 0 None None None 2024-06-05 13:40:38 UTC
Red Hat Product Errata RHBA-2024:3770 0 None None None 2024-06-10 14:23:03 UTC
Red Hat Product Errata RHBA-2024:3772 0 None None None 2024-06-10 14:24:51 UTC
Red Hat Product Errata RHBA-2024:3852 0 None None None 2024-06-11 19:26:17 UTC
Red Hat Product Errata RHBA-2024:4026 0 None None None 2024-06-20 13:00:01 UTC
Red Hat Product Errata RHBA-2024:4343 0 None None None 2024-07-08 01:39:04 UTC
Red Hat Product Errata RHBA-2024:4344 0 None None None 2024-07-08 01:39:56 UTC
Red Hat Product Errata RHBA-2024:4345 0 None None None 2024-07-08 01:40:45 UTC
Red Hat Product Errata RHBA-2024:4346 0 None None None 2024-07-08 01:41:02 UTC
Red Hat Product Errata RHBA-2024:4347 0 None None None 2024-07-08 01:41:44 UTC
Red Hat Product Errata RHBA-2024:4355 0 None None None 2024-07-08 07:17:25 UTC
Red Hat Product Errata RHBA-2024:4398 0 None None None 2024-07-09 07:58:09 UTC
Red Hat Product Errata RHBA-2024:4444 0 None None None 2024-07-09 18:22:18 UTC
Red Hat Product Errata RHBA-2024:4703 0 None None None 2024-07-22 11:27:09 UTC
Red Hat Product Errata RHBA-2024:4704 0 None None None 2024-07-22 11:27:02 UTC
Red Hat Product Errata RHSA-2024:3513 0 None None None 2024-05-30 14:34:02 UTC
Red Hat Product Errata RHSA-2024:3669 0 None None None 2024-06-06 09:21:49 UTC
Red Hat Product Errata RHSA-2024:4256 0 None None None 2024-07-02 15:26:01 UTC
Red Hat Product Errata RHSA-2024:4366 0 None None None 2024-07-08 11:08:37 UTC
Red Hat Product Errata RHSA-2024:4369 0 None None None 2024-07-08 11:37:49 UTC
Red Hat Product Errata RHSA-2024:4416 0 None None None 2024-07-09 09:58:47 UTC
Red Hat Product Errata RHSA-2024:4418 0 None None None 2024-07-09 09:59:29 UTC
Red Hat Product Errata RHSA-2024:4528 0 None None None 2024-07-15 01:04:01 UTC
Red Hat Product Errata RHSA-2024:4529 0 None None None 2024-07-15 01:07:29 UTC

Description ybuenos 2024-04-14 14:03:02 UTC
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
https://www.openwall.com/lists/oss-security/2024/04/12/5
https://www.openwall.com/lists/oss-security/2024/04/13/2

Comment 1 ybuenos 2024-04-14 14:03:17 UTC
Created less tracking bugs for this issue:

Affects: fedora-all [bug 2274981]

Comment 5 errata-xmlrpc 2024-05-30 14:34:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:3513 https://access.redhat.com/errata/RHSA-2024:3513

Comment 6 errata-xmlrpc 2024-06-06 09:21:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:3669 https://access.redhat.com/errata/RHSA-2024:3669

Comment 7 errata-xmlrpc 2024-07-02 15:25:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4256 https://access.redhat.com/errata/RHSA-2024:4256

Comment 11 errata-xmlrpc 2024-07-08 11:08:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:4366 https://access.redhat.com/errata/RHSA-2024:4366

Comment 12 errata-xmlrpc 2024-07-08 11:37:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4369 https://access.redhat.com/errata/RHSA-2024:4369

Comment 13 errata-xmlrpc 2024-07-09 09:58:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4416 https://access.redhat.com/errata/RHSA-2024:4416

Comment 14 errata-xmlrpc 2024-07-09 09:59:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4418 https://access.redhat.com/errata/RHSA-2024:4418

Comment 15 errata-xmlrpc 2024-07-15 01:03:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4528 https://access.redhat.com/errata/RHSA-2024:4528

Comment 16 errata-xmlrpc 2024-07-15 01:07:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4529 https://access.redhat.com/errata/RHSA-2024:4529


Note You need to log in before you can comment on or make changes to this bug.