Fwd: uninitialized buffer in midnight commander


I've seen this posting on bugtraq, but it looks like
Ilya Teterin didn't care to contact the authors of mc.
Forgive me if I'm wrong :-)

Please CC: reply as I'm not on the list.


----------  Forwarded Message  ----------

Subject: uninitialized buffer in midnight commander
Date: Friday 19 September 2003 15:47
From: "Ilya Teterin"  <alienhard mail ru>
To: bugtraq securityfocus com

Midnight Commander is using uninitialized buffer for handling symlinks in VFS
 (tar, cpio). See vfs/direntry.c, handling of buf[] at
 vfs_s_resolve_symlink(). I wonder but it works almost properly ;-)

On linux-i386 I can reach stack buffer overflow using specially crafted
 archive. Open http://buggzy.narod.ru/exp.tgz in mc's VFS to test (mc will

Affected systems/vendors/archs: at least linux-i386, mc-4.5.52 to mc-4.6.0,
 too lazy to test others ;-)

P.S. Greetings to iDEFENSE VCP. I'm tired and hungry ;)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]