Re: Midnight Commander Multiple vulnerabilities


I don't see any reason not to post this question on the general MC
discussions list: mc at gnome dot org .

On Thu, 7 Apr 2005, Cleve Philippe wrote:

> Hi,
> Searching information about Midnight Commander on the net, I've found
> multiple documents saying:
> "A vulnerability has been identified in Midnight Commander (mc), which
> potentially can be exploited by malicious people to compromise a user's
> system.
> The vulnerability is caused due to a boundary error when handling
> symlinks in compressed files. This can be exploited by constructing a
> compressed file containing overly long, specially crafted symlinks. This
> will cause a stack overflow when a user tries to view the content of the
> malicious compressed file using mc.
> The vulnerability has been confirmed in version 4.5.55 but should
> reportedly affect versions 4.5.52 through 4.6.0."
> Where are currently using mc 4.6.0 on Solaris 9.
> What's the situation in our case?
> Does any correction exist?
> Regards.
> Philippe

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]