[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] lv local root exploit

To: linux-security
Subject: [linux-security] lv local root exploit
From: Martin Siegert <siegert@sfu.ca>
Date: Sat, 31 May 2003 15:22:50 -0700
User-Agent: Mutt/1.4.1i

Topic
=====
local root exploit in lv

Problem Description
===================
Lv is a powerful file viewer similar to less.

A bug has been found in versions of lv that read a .lv file in the current
directory.  Local attackers can use this to place an .lv file in any
directory to which they have write access.  Any user who subsequently runs
lv in that directory and uses the v (edit) command can be forced to execute
an arbitrary program.

Affected Versions
=================
lv versions 4.49.4 and earlier

Solution
========
upgrade to version 4.49.5 (or patched version for your distribution)

RedHat 7.x
----------
rpm -Fvh lv-4.49.4-3.7x.1.i386.rpm

RedHat 8.0
----------
rpm -Fvh lv-4.49.4-7.80.1.i386.rpm

RedHat 9
--------
rpm -Fvh lv-4.49.4-9.9.1.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to lv_4.49.3-4potato2_i386.deb

Debian 3.0 (woody)
------------------
upgrade to lv_4.49.4-7woody2_i386.deb

Prev by Date: [linux-security] DoS and local root exploits in Linux kernel
Next by Date: [linux-security] cups DoS exploit
Prev by thread: [linux-security] cups DoS exploit
Next by thread: [linux-security] DoS and local root exploits in Linux kernel
Index(es):
- Date
- Thread