Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale.
Victor Ashik is credited with the discovery of this issue.
Red Hat Linux 9.0 i386
A remote, client-side buffer overflow vulnerability affects less in Red Hat Linux. This issue is due to a failure of the application to securely copy file data into finite process buffers.
An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com.
Fedora Legacy has released advisory FLSA:2404 dealing with this issue. Please see the referenced advisory for more information.