SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Midnight Commander Vendors:   GNU Midnight Commander Project
(Red Hat Issues Fix for Fedora) Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1010063
SecurityTracker URL:  http://securitytracker.com/id/1010063
CVE Reference:   CVE-2004-0226, CVE-2004-0231, CVE-2004-0232   (Links to External Site)
Date:  May 4 2004
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 4.6.0-14.10
Description:   Several vulnerabilities were reported in Midnight Commander. A local user may be able to obtain elevated privileges.

Debian and Mandrake reported multiple vulnerabilities in Midnight Commander. The flaws include several buffer overflows [CVE: CVE-2004-0226], a format string vulnerability [CVE: CVE-2004-0232], and a temporary file and directory creation vulnerability [CVE: CVE-2004-0231].

Jacub Jelinek is credited with discovering the flaws.

Impact:   A local user may be able to gain the privileges of the user running mc.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

b032b48a63ae1f70296d541e470bd9df SRPMS/mc-4.6.0-14.10.src.rpm
a7ccdcc1744b3ebb1c14842d5a94a437 i386/mc-4.6.0-14.10.i386.rpm
b4a4085af11f8bb7da015080e9ae9301 i386/debug/mc-debuginfo-4.6.0-14.10.i386.rpm
4dbc04a7c8795eeb5098a6d8a87ed38b x86_64/mc-4.6.0-14.10.x86_64.rpm
6c3a6ec0e4a85269be2438791c7eb2e7 x86_64/debug/mc-debuginfo-4.6.0-14.10.x86_64.rpm

Vendor URL:  www.ibiblio.org/mc/ (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, State error
Underlying OS:  Linux (Red Hat Fedora)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 30 2004 Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges



 Source Message Contents

Subject:  [SECURITY] Fedora Core 1 Update: mc-4.6.0-14.10



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-112
2004-04-30
---------------------------------------------------------------------

Name        : mc
Version     : 4.6.0                      
Release     : 14.10                  
Summary     : User-friendly text console file manager and visual shell.
Description :
Midnight Commander is a visual shell much like a file manager, only
with many more features. It is a text mode application, but it also
includes mouse support if you are running GPM. Midnight Commander's
best features are its ability to FTP, view tar and zip files, and to
poke into RPMs for specific files.

---------------------------------------------------------------------
Update Information:

Several buffer overflows, several temporary file creation
vulnerabilities, and one format string vulnerability have been
discovered in Midnight Commander.  These vulnerabilities were
discovered mostly by Andrew V. Samoilov and Pavel Roskin.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these
issues.

---------------------------------------------------------------------
* Fri Apr 16 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-14.10

- don't use mmap if st_size doesn't fit into size_t
- fix one missed match_normal -> match_regex
- rebuilt for FC1 updates

* Fri Apr 16 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-14

- avoid buffer overflows in mcedit Replace function

* Wed Apr 14 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-13

- perl scripting fix

* Wed Apr 14 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-12

- fix a bug in complete.c introduced by last patch
- export MC_TMPDIR env variable
- avoid integer overflows in free diskspace % counting
- put temporary files into $MC_TMPDIR tree if possible,
  use mktemp/mkdtemp

* Mon Apr 05 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-11

- fix a bunch of buffer overflows and memory leaks (CAN-2004-0226)
- fix hardlink handling in cpio filesystem
- fix handling of filenames with single/double quotes and backslashes
  in /usr/share/mc/extfs/rpm
- update php.syntax file (#112645)
- fix crash with large syntax file (#112644)
- update CAN-2003-1023 fix to still make vfs symlinks relative,
  but with bounds checking

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

b032b48a63ae1f70296d541e470bd9df  SRPMS/mc-4.6.0-14.10.src.rpm
a7ccdcc1744b3ebb1c14842d5a94a437  i386/mc-4.6.0-14.10.i386.rpm
b4a4085af11f8bb7da015080e9ae9301  i386/debug/mc-debuginfo-4.6.0-14.10.i386.rpm
4dbc04a7c8795eeb5098a6d8a87ed38b  x86_64/mc-4.6.0-14.10.x86_64.rpm
6c3a6ec0e4a85269be2438791c7eb2e7  x86_64/debug/mc-debuginfo-4.6.0-14.10.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC