
Bug 152888

Summary: CAN-2005-0086, less segfault
Product: [Retired] Fedora Legacy
Reporter: Dominic Hargreaves <dom>
Component: less
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED CANTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: deisenst, jpdalbec, marc.deslauriers, mattdm, pekkas
Keywords: Reopened, Security
Hardware: All
OS: Linux
Whiteboard: LEGACY, rh90, NEEDSWORK
Doc Type: Bug Fix
Last Closed: 2007-04-12 00:33:07 UTC

Description David Lawrence 2005-03-30 23:31:03 UTC
Victor Ashik discovered a heap based buffer overflow in less, caused by a
patch added to the less package in Red Hat Enterprise Linux 3. An attacker
could construct a carefully crafted file that could cause less to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities
and Exposures project has assigned the name CAN-2005-0086
to this issue. Note that this issue only affects the version of less
distributed with Red Hat Enterprise Linux 3.

------- Additional Comments From 2005-02-10 19:09:27 ----

*** Bug 2426 has been marked as a duplicate of this bug. ***

------- Additional Comments From 2005-02-15 07:52:05 ----


RHL73 is not affected; this was caused by Red Hat's multibyte support which
went into RHL8 or thereabouts.

Below are the updated packages, with the patch taken from RHEL3. (RHL9) (FC1)

b9abe7de8558c5405fab44a25367ac78c2eb1d39  less-378-11.1.1.legacy.src.rpm
2de8fb2f8ef4b5bb7ddcda298b6776b6ee27c3ff  less-378-7.1.legacy.i386.rpm
a71fb99e819eed93d07ae924065f6b0ce654e2f3  less-378-7.1.legacy.src.rpm

Binaries are also available for RHL9.

* Tue Feb 15 2005 Pekka Savola <> 378-7.1.legacy
- Fix CAN-2005-0086 (#2404) from RHEL3.


------- Additional Comments From 2005-02-22 06:49:45 ----

Hey, Pekka.  The latest FC1 package is "less-382-1.1", of March 2004; .srpm
available at:

If you will patch that one, I will be happy to QA it.  :-)

------- Additional Comments From 2005-02-22 20:37:33 ----

I reviewed less 382.  The Japanization patch was removed, so this issue is not
present there.  Apparently FC1 is not affected.

------- Additional Comments From 2005-03-05 20:29:48 ----


I did QA on the rh9 package:

a71fb99e819eed93d07ae924065f6b0ce654e2f3  less-378-7.1.legacy.src.rpm

- Source files match previous version
- Patch file matches RHEL
- Spec file changes good



------- Additional Comments From 2005-03-06 22:47:54 ----


08f54de18179fdaf849cd26d0497531426fd9cc6  less-378-7.2.legacy.i386.rpm

installs OK.  less still does what I'd expect it to (lists file pagewise, =
gives linecounts, can buffer STDIN and move forward and back in it).




------- Additional Comments From 2005-03-07 03:24:19 ----

Packages were released to updates-testing.

------- Additional Comments From 2005-03-07 17:21:47 ----

Packages officially released

------- Additional Comments From 2005-03-11 04:10:00 ----

Already fixed here, but FYI:

05.10.8 CVE: CAN-2005-0086
Platform: Linux
Title: RedHat Linux less Remote Buffer Overflow
Description: less is a utility for viewing files in terminal windows.
It is vulnerable to a remote client-side buffer overflow issue that
may be leveraged by an attacker to execute arbitrary code with the
privileges of the user running the application. RedHat Linux 9.0 i386
is vulnerable to this issue.

------- Additional Comments From 2005-03-11 15:39:55 ----

The less packages were put back into updates-testing as some people were
experiencing hangs with yum because of it. See the fedora-legacy-list for details.

------- Additional Comments From 2005-03-13 05:45:31 ----

This is weird because comparing less-378-7.2.legacy.src.rpm to RHEL3
less-378-12.src.rpm shows very few changes; RHEL3 has a trivial Korean language
fix, an autoconf fix to detect libncursesw (I don't have it here), and updates
to curses.{sh,csh} scripts.  Our version has autoconf in requires.

There doesn't seem to be much that could be causing issues.. unless people with
RHEL3 could check whether the Red Hat update borks yum for them or not.

------- Bug moved to this database by 2005-03-30 18:31 -------

This bug previously known as bug 2404 at
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Matthew Miller 2005-04-12 23:16:37 UTC
Did anything come out of the yum hang issues with this?

Comment 2 Pekka Savola 2005-04-20 18:13:47 UTC
Does anyone use yum with RHEL3?  Does the RHEL3 less update work OK?

Or, does the RHEL3 less update, rebuilt if needed on RHL9 work OK?

Comment 3 David Eisenstein 2006-01-10 20:01:20 UTC
hmmm, I'm wondering if this issue needs revisiting? ...

less-378-7.2.legacy remains in updates-testing.

I'm noticing that less-378-7.2.legacy was built in the "redhat-9-i386" root
of mach, and not the "redhat-9-i386-updates" root.  Therefore, all the packages
were built linking with the original Red Hat Linux 9 libraries and such ...
not the most recently updated RHL9 packages.

Might that make a difference?

Comment 4 Pekka Savola 2006-01-11 04:58:34 UTC
Sure.. it might.  I'd also make a diff of the buildlogs in mach to those built

Comment 5 Red Hat Bugzilla 2007-02-05 19:26:42 UTC
REOPENED status has been deprecated. ASSIGNED with keyword of Reopened is preferred.

Comment 6 David Eisenstein 2007-04-12 00:33:07 UTC
Red Hat Linux and Fedora Core releases <=4 are now completely unmaintained.
These bugs can't be fixed in these versions.  If the issue still persists in
current Fedora Core releases, please reopen.  Thank you, and sorry about this.