Re: Midnight Commander Multiple vulnerabilities
- From: Pavel Tsekov <ptsekov gmx net>
- To: Cleve Philippe <Philippe Cleve nbb be>
- Cc: mc-devel gnome org
- Subject: Re: Midnight Commander Multiple vulnerabilities
- Date: Thu, 7 Apr 2005 15:34:20 +0300
Hello,
I don't see any reason not to post this question on the general MC
discussions list: mc at gnome dot org .
On Thu, 7 Apr 2005, Cleve Philippe wrote:
> Hi,
>
> Searching information about Midnight Commander on the net, I've found
> multiple documents saying:
>
> "A vulnerability has been identified in Midnight Commander (mc), which
> potentially can be exploited by malicious people to compromise a user's
> system.
>
> The vulnerability is caused due to a boundary error when handling
> symlinks in compressed files. This can be exploited by constructing a
> compressed file containing overly long, specially crafted symlinks. This
> will cause a stack overflow when a user tries to view the content of the
> malicious compressed file using mc.
>
> The vulnerability has been confirmed in version 4.5.55 but should
> reportedly affect versions 4.5.52 through 4.6.0."
>
> Where are currently using mc 4.6.0 on Solaris 9.
>
> What's the situation in our case?
>
> Does any correction exist?
>
> Regards.
>
> Philippe
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
