Cyber Threat Advisory: OS Command Injection Vulnerability in Red Hat Enterprise Linux

by CIRT Team

An OS command injection vulnerability has been identified in the “less” utility, stemming from mishandling of quoting in `filename.c`. “less” is a text file viewer similar to “more” but allows users to move both backward and forward through files. It also starts faster than traditional text editors because it does not load the entire input file at startup. This vulnerability permits attackers to execute arbitrary OS commands by opening files with maliciously crafted filenames. The risk is heightened by the LESSOPEN environment variable, set by default in many configurations, increasing the likelihood of exploitation. Successful exploitation can lead to unauthorized access, data exfiltration, or full system compromise, depending on the user’s privileges when running “less”.

CIRT Team