VU#203203 - midnight_commander



-----BEGIN PGP SIGNED MESSAGE-----


Hello folks,

We have received a report regarding a vulnerability in one of your 
products. We would appreciate greatly your help in reviewing this 
issue so that we can document it in our public database.

Please review the following vulnerability note for accuracy and 
answer these questions:
1. Have you verified the existence of this vulnerability?
2. Has it been corrected in a released update or new version of the 
product? If yes, please provide links to more information, including 
how users can obtain the update or new version.
3. If not yet released, when do you plan on releasing an update to 
fix this vulnerability? What should users do in the meantime to limit 
exposure to this vulnerability?

CERT/CC Vulnerability Note Draft:

VU#203203 - Buffer-overflow vulnerability in Midnight Commander

CVE: 

KEYWORDS: Midnight Commander, /usr/bin/mcedit, mcedit, buffer overflow

OVERVIEW: 

The mcedit component of some versions of Midnight Commander contains 
a buffer-overflow vulnerability.

DESCRIPTION: 

Midnight Commander is a file manager for free operating systems, 
distributed under the GNU General Public License (GPL). In version 
4.5.1 of Midnight Commander, the mcedit text editor component is 
susceptible to segmentation fault by buffer overflow.

IMPACT: 

The complete impact of this vulnerability is not yet known. Attackers 
can cause mcedit to end with a segmentation fault.

RESOLUTION: 

The CERT/CC is currently unaware of a practical solution to this 
problem.

WORKAROUNDS: 

None.

REFERENCES: 

http://www.ibiblio.org/mc/

If there are any mistakes or inaccuracies in the above vulnerability 
note, please let me know so they can be corrected before publication.

Regards,
Shawn Van Ittersum
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBPFcP6KCVPMXQI2HJAQGpPAP+I7ooapPztZETir8IfAOIzr68y/couuGH
Lz9FJAAxYA9yIrk6ZuZFcNVsT2aMCmwZv2CBLBCETPHSX7umUz1uoTbfy4wqNUeL
wZRHhttfWAkwnTILnformlalyZOzVPpDCx2X6pfnhtma6nyuxA00xEWW80BGRt/i
vrrMuJYGbZU=
=q3ct
-----END PGP SIGNATURE-----


