Re: Midnight Commander Multiple vulnerabilities


On Thu, 7 Apr 2005, Cleve Philippe wrote:


Searching information about Midnight Commander on the net, I've found
multiple documents saying:

"A vulnerability has been identified in Midnight Commander (mc), which
potentially can be exploited by malicious people to compromise a user's

The vulnerability is caused due to a boundary error when handling
symlinks in compressed files. This can be exploited by constructing a
compressed file containing overly long, specially crafted symlinks. This
will cause a stack overflow when a user tries to view the content of the
malicious compressed file using mc.

The vulnerability has been confirmed in version 4.5.55 but should
reportedly affect versions 4.5.52 through 4.6.0."

Where are currently using mc 4.6.0 on Solaris 9.

What's the situation in our case?

Your version has this vulnerability.

Does any correction exist?

Yes. This vulnerability has been fixed in MC 4.6.1-pre2 and up.
You can download an unofficial release from

or get MC from CVS (use the MC_4_6_1_PRE branch).

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]