VU#203203 - midnight_commander
Pavel Roskin
proski at gnu.org
Wed Jan 30 01:40:15 UTC 2002
Hello!
I'm the maintainer of GNU Midnight Commander. If there are any details
that you don't want to make public, please write me personally. You can
use my public key at http://www.red-bean.com/~proski/pubring.gpg.asc to
encrypt your message.
> We have received report regarding a vulnerability in one of your
> products. We would appreciate greatly your help in reviewing this
> issue so that we can document it in our public database.
Sorry, but the information in this report is insufficient.
> Please review the following vulnerability note for accuracy and
> answer these questions:
> 1. Have you verified the existence of this vulnerability?
The description is too vague to verify the vulnerability. However, the
code of GNU Midnight Commander has not been audited for security as far as
I know.
> 2. Has it been corrected in a released update or new version of the
> product? If yes, please provide links to more information, including
> how users can obtain the update or new version.
> 3. If not yet released, when do you plan on releasing an update to
> fix this vulnerability? What should users do in the meantime to limit
> exposure to this vulnerability?
The same answer.
> CERT/CC Vulnerability Note Draft:
>
> VU#203203 - Buffer-overflow vulnerability in Midnight Commander
I understand that drafts are not available online, are they?
> Midnight Commander is a file manager for free operating systems,
> distributed under the GNU General Public License (GPL). In version
> 4.5.1 of Midnight Commander, the mcedit text editor component is
> susceptible to segmentation fault by buffer overflow.
The current version is 4.5.55. There have been many changes in the
internal editor between versions 4.5.1 and 4.5.55.
> The complete impact of this vulnerability is not yet known. Attackers
> can cause mcedit to end with a segmentation fault.
Provided that the vulnerability exists, the attacker would have to create
a special file and entice the attacked user into opening that file.
I'll fix the overflow if somebody sends me a file that crashes the editor.
I'm sorry, but I have neither time nor expertize to conduct a
comprehensive security audit of the code without having an exploit or at
least a hint to a possible exploit.
--
Regards,
Pavel Roskin
More information about the mc-devel
mailing list