Midnight Commander Multiple vulnerabilities

Pavel Tsekov ptsekov at gmx.net
Thu Apr 7 12:34:20 UTC 2005


Hello,

I don't see any reason not to post this question on the general MC
discussions list: mc at gnome dot org .

On Thu, 7 Apr 2005, Cleve Philippe wrote:

> Hi,
>
> Searching information about Midnight Commander on the net, I've found
> multiple documents saying:
>
> "A vulnerability has been identified in Midnight Commander (mc), which
> potentially can be exploited by malicious people to compromise a user's
> system.
>
> The vulnerability is caused due to a boundary error when handling
> symlinks in compressed files. This can be exploited by constructing a
> compressed file containing overly long, specially crafted symlinks. This
> will cause a stack overflow when a user tries to view the content of the
> malicious compressed file using mc.
>
> The vulnerability has been confirmed in version 4.5.55 but should
> reportedly affect versions 4.5.52 through 4.6.0."
>
> Where are currently using mc 4.6.0 on Solaris 9.
>
> What's the situation in our case?
>
> Does any correction exist?
>
> Regards.
>
> Philippe



More information about the mc-devel mailing list