It's taking arguments out of your environment for the format string,
put a couple more %n's and watch it die horribly. That's why I said
a meager demonstration. The emphasis was definitely on meager ;)

On 10/31/07, Jeffrey Denton [EMAIL PROTECTED] wrote:
On 10/31/07, glopeda. com [EMAIL
From: [EMAIL PROTECTED]
Application: less 394 and prior
Type: Format strings vulnerability
Priority: Low

There exists a format strings bug in the less application present in
most flavors of UNIX. It could be leveraged for privilege escalation
if the calling application is setuid/setgid and does
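
Added example, not part of the thread and not code from less: a small C scanner that reports how many arguments an untrusted string would consume, and how many %n writes it would perform, if it were passed as the format itself, next to the constant-format call that removes the bug class. The names scan_format and emit_safe and all sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* What a string would do if it were handed to printf as the format. */
struct fmt_scan {
    int args;   /* argument-consuming directives (incl. '*' width/precision) */
    int writes; /* %n directives, i.e. stores through an argument pointer    */
};

struct fmt_scan scan_format(const char *s)
{
    struct fmt_scan r = {0, 0};
    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }        /* "%%" is a literal percent */
        for (;; s++) {                           /* flags, width, precision, N$ */
            if (*s == '*') r.args++;             /* value pulled from an argument */
            else if (*s == '\0' || !strchr("-+ #'.0123456789$", *s)) break;
        }
        while (*s && strchr("hlLqjzt", *s)) s++; /* length modifiers */
        if (*s == '\0') break;                   /* string ended mid-directive */
        if (strchr("diouxXeEfFgGaAcspn", *s)) {
            r.args++;
            if (*s == 'n') r.writes++;
        }
        s++;
    }
    return r;
}

/* Hardened call: the format is a constant, untrusted text is only data. */
int emit_safe(char *out, size_t cap, const char *untrusted)
{
    return snprintf(out, cap, "%s", untrusted);
}

int main(void)
{
    const char *samples[] = { "notes.txt", "100%% done", "name %s%s%n%n" }; /* constructed */
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        struct fmt_scan r = scan_format(samples[i]);
        emit_safe(buf, sizeof buf, samples[i]);
        printf("%-16s args=%d writes=%d\n", buf, r.args, r.writes);
    }
    return 0;
}
```

Any nonzero args count for a string that is printed without matching arguments means the call reads values it was never given; compiling with -Wformat -Wformat-security flags the non-constant format at build time.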