Re: Midnight Commander Multiple vulnerabilities

From: Pavel Tsekov <ptsekov gmx net>
Cc: MC <mc gnome org>
Subject: Re: Midnight Commander Multiple vulnerabilities
Date: Fri, 8 Apr 2005 10:43:06 +0300

Hello,

On Thu, 7 Apr 2005, Leonard den Ottolander wrote:

Hello Cleve,

On Thu, 2005-04-07 at 15:16, Cleve Philippe wrote:

"A vulnerability has been identified in Midnight Commander (mc), which
potentially can be exploited by malicious people to compromise a user's
system.


Would you happen to have a CAN number for this issue, or another
reference? If this issue doesn't yet have a CAN number maybe we should
get one assigned?

From the original message


[...]
The vulnerability is caused due to a boundary error when handling
symlinks in compressed files. This can be exploited by constructing a
compressed file containing overly long, specially crafted symlinks. This
will cause a stack overflow when a user tries to view the content of the
malicious compressed file using mc.
[...]

which appears to be CAN-2003-1023.

References:
- Midnight Commander Multiple vulnerabilities
  - From: Cleve Philippe
- Re: Midnight Commander Multiple vulnerabilities
  - From: Leonard den Ottolander

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]