• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

LessTif Debug Feature Local Arbitrary File Creation Vulnerability

LessTif is prone to a local arbitrary file-creation vulnerability. This issue is exposed when an application using the affected library runs with setuid-privileges.

This issue presents itself only when the library is compiled without the 'LESSTIF_PRODUCTION' definition. This occurs when the '--enable-production' configuration option is not selected when the package is built.

When used in conjunction with the 'mtink' binary, exploiting this issue has been demonstrated to gain superuser privileges.

LessTif version 0.93.94 is vulnerable to this issue; other versions may also be affected.