Midnight Commander Multiple vulnerabilities

From: "Cleve Philippe" <Philippe Cleve nbb be>
To: <mc-devel gnome org>
Subject: Midnight Commander Multiple vulnerabilities
Date: Thu, 7 Apr 2005 14:14:10 +0200

Hi,

Searching information about Midnight Commander on the net, I've found
multiple documents saying:

"A vulnerability has been identified in Midnight Commander (mc), which
potentially can be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to a boundary error when handling
symlinks in compressed files. This can be exploited by constructing a
compressed file containing overly long, specially crafted symlinks. This
will cause a stack overflow when a user tries to view the content of the
malicious compressed file using mc.

The vulnerability has been confirmed in version 4.5.55 but should
reportedly affect versions 4.5.52 through 4.6.0."

Where are currently using mc 4.6.0 on Solaris 9.

What's the situation in our case?

Does any correction exist?

Regards.

Philippe

-----------------------------------------
Visit our website! http://www.nbb.be    "DISCLAIMER: The content of this
e-mail message should not be construed as binding on the part of the
National Bank of Belgium (NBB) unless otherwise and previously stated. The
opinions expressed in this message are solely those of the author and do
not necessarily reflect NBB viewpoints, particularly when the content of
this message, or part thereof, is private by nature or does not fall within
the professional scope of its author."

Follow-Ups:
- Re: Midnight Commander Multiple vulnerabilities
  - From: Pavel Tsekov

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]