On Tue, Jan 29, 2002 at 04:11:39PM -0500, CERT Coordination Center wrote: > We have received report regarding a vulnerability in one of your > products. We would appreciate greatly your help in reviewing this > issue so that we can document it in our public database. <...> To bad they didn't provide a link; I couldn't find anything re. 'mcedit' or 'midnight commander' in their database nor anything re. 'VU#203203' or simply '203203'. > The complete impact of this vulnerability is not yet known. Attackers > can cause mcedit to end with a segmentation fault. I seem to remember someone claimed his mcedit segfaulted on extremely long lines. I further STR I showed him it was a simple ulimit-thing. (But I can't find this in the archives...) I didn't CC: cert on this mail. I figure someone else is in better position to make formal contact. -- //Björnen. bjorn bjornen nu | mdeans algonet se | bjorn pobox com
Attachment:
pgpuq7mjQex1D.pgp
Description: PGP signature