SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Midnight Commander Vendors:   GNU Midnight Commander Project
Midnight Commander Buffer Overflow in insert_text() May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1014223
SecurityTracker URL:  http://securitytracker.com/id/1014223
CVE Reference:   CVE-2005-0763   (Links to External Site)
Date:  Jun 17 2005
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.5.55
Description:   A buffer overflow vulnerability was reported in Midnight Commander. A local user may be able to obtain elevated privileges.

The vulnerability resides in the insert_text() function in 'src/complete.c'.

[Editor's note: This vulnerability was disclosed by the vendor in March 2002, but Debian recently disclosed that the vulnerability had not been fixed in Debian's version.]

Impact:   A local user may be able to obtain elevated privileges.
Solution:   The vendor issued a fixed version (4.6.0) in August 2002, available at:

http://www.ibiblio.org/pub/Linux/utils/file/managers/mc/

Vendor URL:  www.ibiblio.org/mc/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 17 2005 (Debian Issues Fix) Midnight Commander Buffer Overflow in insert_text() May Let Local Users Gain Elevated Privileges
Debian has issued a fix.
Jun 17 2005 (Red Hat Issues Fix) Midnight Commander Buffer Overflow in insert_text() May Let Local Users Gain Elevated Privileges
Red Hat has released a fix.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC