uninitialized buffer in midnight commander (fwd)
Pavel Machek
pavel at ucw.cz
Fri Oct 10 12:08:37 UTC 2003
. From bugtraq, I hope it was not here before.
----- Forwarded message from "\"Ilya Teterin\" " <alienhard at mail.ru> -----
Mailing-List: contact bugtraq-help at securityfocus.com; run by ezmlm
From: "Ilya Teterin" <alienhard at mail.ru>
To: bugtraq at securityfocus.com
Subject: uninitialized buffer in midnight commander
X-Originating-IP: [195.58.4.140]
Midnight Commander is using uninitialized buffer for handling symlinks in VFS (tar, cpio). See vfs/direntry.c, handling of buf[] at vfs_s_resolve_symlink(). I wonder but it works almost properly ;-)
On linux-i386 I can reach stack buffer overflow using specially crafted archive. Open http://buggzy.narod.ru/exp.tgz in mc's VFS to test (mc will crash).
Affected systems/vendors/archs: at least linux-i386, mc-4.5.52 to mc-4.6.0, too lazy to test others ;-)
P.S. Greetings to iDEFENSE VCP. I'm tired and hungry ;)
----- End forwarded message -----
--
Pavel
Written on sharp zaurus, because my Velo1 broke. If you have Velo you don't need...
More information about the mc-devel
mailing list