VU#203203 - midnight_commander

Björn Eriksson bjorn at bjornen.nu
Tue Jan 29 22:09:37 UTC 2002


On Tue, Jan 29, 2002 at 04:11:39PM -0500, CERT Coordination Center wrote:
> We have received report regarding a vulnerability in one of your 
> products. We would appreciate greatly your help in reviewing this 
> issue so that we can document it in our public database.
<...>

 To bad they didn't provide a link; I couldn't find anything re.
'mcedit' or 'midnight commander' in their database nor anything re.
'VU#203203' or simply '203203'.

> The complete impact of this vulnerability is not yet known. Attackers 
> can cause mcedit to end with a segmentation fault.

 I seem to remember someone claimed his mcedit segfaulted on extremely
long lines. I further STR I showed him it was a simple ulimit-thing.
(But I can't find this in the archives...)

 I didn't CC: cert on this mail. I figure someone else is in better
position to make formal contact.


-- 
//Björnen. bjorn at bjornen.nu | mdeans at algonet.se | bjorn at pobox.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.midnight-commander.org/pipermail/mc-devel/attachments/20020129/764bae02/attachment.asc>


More information about the mc-devel mailing list