Midnight Commander Multiple vulnerabilities
Pavel Tsekov
ptsekov at gmx.net
Fri Apr 8 07:43:06 UTC 2005
Hello,
On Thu, 7 Apr 2005, Leonard den Ottolander wrote:
> Hello Cleve,
>
> On Thu, 2005-04-07 at 15:16, Cleve Philippe wrote:
> > "A vulnerability has been identified in Midnight Commander (mc), which
> > potentially can be exploited by malicious people to compromise a user's
> > system.
>
> Would you happen to have a CAN number for this issue, or another
> reference? If this issue doesn't yet have a CAN number maybe we should
> get one assigned?
>From the original message
[...]
The vulnerability is caused due to a boundary error when handling
symlinks in compressed files. This can be exploited by constructing a
compressed file containing overly long, specially crafted symlinks. This
will cause a stack overflow when a user tries to view the content of the
malicious compressed file using mc.
[...]
which appears to be CAN-2003-1023.
More information about the mc
mailing list