Midnight Commander Buffer Overflow in insert_text() May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1014223 |
|
SecurityTracker URL: http://securitytracker.com/id/1014223
|
|
CVE Reference: CAN-2005-0763
|
Date: Jun 17 2005
|
Impact:
Execution of arbitrary code via local system, User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 4.5.55
|
Description:
A buffer overflow vulnerability was reported in Midnight Commander. A local user may be able to obtain elevated privileges.
The vulnerability resides in the insert_text() function in 'src/complete.c'.
[Editor's note: This vulnerability was disclosed by the vendor in March 2002, but Debian recently disclosed that the vulnerability had not been fixed in Debian's version.]
|
Impact:
A local user may be able to obtain elevated privileges.
|
Solution:
The vendor issued a fixed version (4.6.0) in August 2002, available at:
http://www.ibiblio.org/pub/Linux/utils/file/managers/mc/
|
Vendor URL: www.ibiblio.org/mc/
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Source Message Contents
|
Date: Fri, 17 Jun 2005 00:05:08 -0400
Subject: [none]
|
CVE: CAN-2005-0763
In March 2005, Debian reported a buffer overflow in Midnight Commander version 4.55.
The vulnerability resides in the insert_text() function in 'src/complete.c'.
This flaw was corrected in the upstream CVS in March 2002 and is included in version 4.6.0.
Andrew V. Samoilov is credited with discovering this flaw.
|
|