Red Hat Bugzilla – Bug 89776
CAN-2003-0188 possibility of local root exploit in lv
Last modified: 2007-11-30 17:06:52 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ja-JP; rv:1.2.1) Gecko/20030225
Description of problem:
See also http://bugs.debian.org/190941 for more details.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.for example, make a .lv file on /tmp that contains editor option ('-E'), which
is going to runs a malicious program.
2.runs lv to see some file on /tmp.
3.type 'v' to edit that file.
Actual Results: lv is always trying to read current directory.
Expected Results: I don't know correct fix, but it may be bad that lv is trying
to read .lv file on any directories.
Errata RHSA-2003:167 in progress
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.