Home > Cyber News > Lesspipe on Linux “Less” Command Showing System Vulnerabilities

Lesspipe on Linux “Less” Command Showing System Vulnerabilities

Lesspipe-Linux-System-VulnerabilitiesThe “less” command which allows you to see the files content downloaded from the Internet in Linux may appear to be quite a dangerous feature according to security specialists.

What Is Lesspipe

The feature looks harmless at first sight, allowing users to open the file in a terminal window and scroll back and forth through its content. The feature is not useful to file redactors, as it does not allow users to manipulate the file, but has an advantage in showing the file content without taking up memory recourses which can be very useful for big files.

It is usually used for text files viewing but many Linux distributions, like Ubuntu and CentOS for example, support much more types like archive, image and PDF ones. This is enabled by a script code, called lesspipe, which relies on third-party applications.


Although the tool was not designed with malicious intentions in mind, test performed by a Google security engineer – Michal Zalewski showed that the system is subject to vulnerabilities if a wrong script code is input in the program.

This may lead to memory bugs and the program performance may result in arbitrary code execution. Although the bug has appeared in a single request in the CPIO file archiving program, the researchers think that such may appear in other programs as well.

“While it’s a single bug in cpio, I have no doubt that many of the other lesspipe programs are equally problematic or worse. In a thread yesterday, people immediately started pointing out other issues”, Zalewski wrote in a post on the subject.

After sharing his suspicions with the wide public, other users start commenting on the same findings as well. The tools which can be used to detect vulnerabilities are quite weak and slow though and may take a lot of time to perform testing. This will require a lot of efforts from developers as well.
“At this point, my best advice would be for users to unset LESSOPEN and LESSCLOSE if set by their distros.”, said Zalewski.

It seems looking for vulnerabilities in open-source systems is gaining speed at the moment. The beginning was probably researchers’ findings on the Bash Unix shell from this September. Last month Zalewski found another vulnerability by executing a remote code in the library used by objdump and readelf. Several days later such were found in the command programs Wget and tnftp.

Here’s what lesspipe supports in Linux Ubuntu and what you should be alert about if you’re using the tool: *.arj, *.bin, *.bz, *.bz2, *.deb, *.doc, *.dz, *.gif, *.gz, *.iso, *.jar, *.jpeg, *.jpg, *.lha, *.lzh, *.PCD, *.PDF, *.png, *.rar, *.raw, *.rpm, *.tar, *.tar.bz2, *.tar.dz, *.tar.gz, *.tar.Z, *.tga, *.tgz, *.tif, *.tiff, *.udeb, *.war, *.xpi, *.Z, *.zoo.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share