Re: VU#203203 - midnight_commander



Hello!

I'm the maintainer of GNU Midnight Commander.  If there are any details 
that you don't want to make public, please write me personally.  You can 
use my public key at http://www.red-bean.com/~proski/pubring.gpg.asc to 
encrypt your message.

> We have received a report regarding a vulnerability in one of your 
> products. We would appreciate greatly your help in reviewing this 
> issue so that we can document it in our public database.

Sorry, but the information in this report is insufficient.

> Please review the following vulnerability note for accuracy and 
> answer these questions:
> 1. Have you verified the existence of this vulnerability?

The description is too vague to verify the vulnerability.  However, the 
code of GNU Midnight Commander has not been audited for security as far as 
I know.

> 2. Has it been corrected in a released update or new version of the 
> product? If yes, please provide links to more information, including 
> how users can obtain the update or new version.
> 3. If not yet released, when do you plan on releasing an update to 
> fix this vulnerability? What should users do in the meantime to limit 
> exposure to this vulnerability?

The same answer.

> CERT/CC Vulnerability Note Draft:
> 
> VU#203203 - Buffer-overflow vulnerability in Midnight Commander

I understand that drafts are not available online, are they?

> Midnight Commander is a file manager for free operating systems, 
> distributed under the GNU General Public License (GPL). In version 
> 4.5.1 of Midnight Commander, the mcedit text editor component is 
> susceptible to segmentation fault by buffer overflow.

The current version is 4.5.55.  There have been many changes in the 
internal editor between versions 4.5.1 and 4.5.55.

> The complete impact of this vulnerability is not yet known. Attackers 
> can cause mcedit to end with a segmentation fault.

Provided that the vulnerability exists, the attacker would have to create
a special file and entice the attacked user into opening that file.

I'll fix the overflow if somebody sends me a file that crashes the editor.  
I'm sorry, but I have neither time nor expertise to conduct a
comprehensive security audit of the code without having an exploit or at
least a hint to a possible exploit.

-- 
Regards,
Pavel Roskin



