SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Midnight Commander Vendors:   Gnome Development Team
(Gentoo Issues Fix) Midnight Commander Uninitialized Buffer May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1009590
SecurityTracker URL:  http://securitytracker.com/id/1009590
CVE Reference:   CVE-2003-1023   (Links to External Site)
Date:  Mar 29 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Confirmed on 4.5.52 - 4.6.0
Description:   A vulnerability was reported in Midnight Commander. A malicious compressed archive can cause the application to execute arbitrary code.

It is reported that 'vfs/direntry.c' uses an uninitialized buffer for processing symbolic links (symlinks) in compressed archives. The flaw reportedly resides in the vfs_s_resolve_symlink() function. A remote user can create a malicious file so that when a target user processes the file using Midnight Commander, arbitrary code contained in the file will be executed with the privileges of the target user.

A demonstration exploit is provided at:

http://buggzy.narod.ru/exp.tgz

Impact:   A remote user can create an archive that, when processed by a target user, will cause arbitrary code to be executed with the privileges of the target user.
Solution:   Gentoo has issued a fix and recommends that all users upgrade to the current version of the affected package:

# emerge sync

# emerge -pv ">=app-misc/mc-4.6.0-r5"
# emerge ">=app-misc/mc-4.6.0-r5"

Vendor URL:  gnome.org/ (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 19 2003 Midnight Commander Uninitialized Buffer May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [ GLSA 200403-09 ] Buffer overflow in Midnight Commander


--NzNDI+ywLU1Yk1Ay
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200403-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Buffer overflow in Midnight Commander
      Date: March 29, 2004
      Bugs: #45957
        ID: 200403-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A remotely-exploitable buffer overflow in Midnight Commander allows
arbitrary code to be run on a user's computer

Background
==========

Midnight Commander is a visual file manager.

Affected packages
=================

    -------------------------------------------------------------------
     Package      /    Vulnerable    /                        Unaffected
    -------------------------------------------------------------------
     app-misc/mc       <= 4.6.0-r4                           >= 4.6.0-r5

Description
===========

A stack-based buffer overflow has been found in Midnight Commander's
virtual filesystem.

Impact
======

This overflow allows an attacker to run arbitrary code on the user's
computer during the symlink conversion process.

Workaround
==========

While a workaround is not currently known for this issue, all users are
advised to upgrade to the latest version of the affected package.

Resolution
==========

All users should upgrade to the current version of the affected
package:

    # emerge sync

    # emerge -pv ">=app-misc/mc-4.6.0-r5"
    # emerge ">=app-misc/mc-4.6.0-r5"

References
==========

  [ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.


--NzNDI+ywLU1Yk1Ay
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAaEFzJPpRNiftIEYRAvcYAJ42pKK4CoYJPcWZvCxF/G1djT9jlACfTWuM
KDVyOHOb8vybQop+tWARcNo=
=e6Le
-----END PGP SIGNATURE-----

--NzNDI+ywLU1Yk1Ay--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC