(Gentoo Issues Fix) Midnight Commander Uninitialized Buffer May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1009590 |
|
SecurityTracker URL: http://securitytracker.com/id/1009590
|
|
CVE Reference:
CAN-2003-1023
(Links to External Site)
|
Date: Mar 29 2004
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Confirmed on 4.5.52 - 4.6.0
|
Description:
A vulnerability was reported in Midnight Commander. A malicious compressed archive can cause the application to execute arbitrary code.
It is reported that 'vfs/direntry.c' uses an uninitialized buffer for processing symbolic links (symlinks) in compressed archives. The flaw reportedly resides in the vfs_s_resolve_symlink() function. A remote user can create a malicious file so that when a target user processes the file using Midnight Commander, arbitrary code contained in the file will be executed with the privileges of the target user.
A demonstration exploit is provided at:
http://buggzy.narod.ru/exp.tgz
|
Impact:
A remote user can create an archive that, when processed by a target user, will cause arbitrary code to be executed with the privileges of the target user.
|
Solution:
Gentoo has issued a fix and recommends that all users upgrade to the current version of the affected package:
# emerge sync
# emerge -pv ">=app-misc/mc-4.6.0-r5"
# emerge ">=app-misc/mc-4.6.0-r5"
|
Vendor URL: gnome.org/ (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Linux (Gentoo)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 29 Mar 2004 10:32:03 -0500
Subject: [ GLSA 200403-09 ] Buffer overflow in Midnight Commander
|
--NzNDI+ywLU1Yk1Ay
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Buffer overflow in Midnight Commander
Date: March 29, 2004
Bugs: #45957
ID: 200403-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A remotely-exploitable buffer overflow in Midnight Commander allows
arbitrary code to be run on a user's computer
Background
==========
Midnight Commander is a visual file manager.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
app-misc/mc <= 4.6.0-r4 >= 4.6.0-r5
Description
===========
A stack-based buffer overflow has been found in Midnight Commander's
virtual filesystem.
Impact
======
This overflow allows an attacker to run arbitrary code on the user's
computer during the symlink conversion process.
Workaround
==========
While a workaround is not currently known for this issue, all users are
advised to upgrade to the latest version of the affected package.
Resolution
==========
All users should upgrade to the current version of the affected
package:
# emerge sync
# emerge -pv ">=app-misc/mc-4.6.0-r5"
# emerge ">=app-misc/mc-4.6.0-r5"
References
==========
[ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
--NzNDI+ywLU1Yk1Ay
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAaEFzJPpRNiftIEYRAvcYAJ42pKK4CoYJPcWZvCxF/G1djT9jlACfTWuM
KDVyOHOb8vybQop+tWARcNo=
=e6Le
-----END PGP SIGNATURE-----
--NzNDI+ywLU1Yk1Ay--
|
|
