Bug 113756 - mc vulnerable to buffer exploit in vfs from archive files
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: mc
1
All Linux
medium Severity medium
Assigned To: Jakub Jelinek
: Security
Reported: 2004-01-17 02:22 EST by Seth Vidal
Modified: 2007-11-30 17:10 EST
Last Closed: 2004-03-11 08:42:59 EST

Attachments
mc.spec.patch (1.88 KB, patch)
2004-01-17 07:20 EST, Warren Togami

Description Seth Vidal 2004-01-17 02:22:52 EST
Description of problem:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023

Version-Release number of selected component (if applicable):
mc-4.6.0-6

How reproducible:
every time

download link from here:
http://mail.edunet.ru/Lists/bugtraq.securityfocus.com/Message/326.html


run mc, select that file.
mc in fc1 or rhl9 or rhl8 crashes
shouldn't crash - the crash is the overflow.
apply patch from here:
http://linux.duke.edu/~skvidal/RPMS/fedoralegacy/mc/mc-vfs-tar-symlink.patch

presto, it works.

I'll attach the patch and the spec file change.
Comment 1 Seth Vidal 2004-01-17 02:26:30 EST
not attaching to bugzilla - easier to link to the srpm
http://linux.duke.edu/~skvidal/RPMS/fedoralegacy/mc/mc-4.6.0-7.src.rpm

Comment 2 Warren Togami 2004-01-17 07:20:44 EST
Created attachment 97071
mc.spec.patch

Package cleanups including Seth's work.  This is mainly to serve as an example
of package cleanup for the benefit of other packagers.
Comment 3 Seth Vidal 2004-01-17 09:42:05 EST
1. is it normal to remove someone else's changelog entries?
2. this practice of adding the version number at the end of your name
on the changelog line is completely ridiculous no matter who does it.

 the reason, rpm headers have 3 fields: changelogname, changelogtime,
changelogtext.

when you put the version at the end of your name the version is put
into changelogname.

If you want to include the version it should be in changelogtext not
in changelogname.

Comment 4 Warren Togami 2004-01-17 16:05:14 EST
> 1. is it normal to remove someone else's changelog entries?

For RH packages yes it has been when importing external changes in the
past.  I was careful to keep your name as part of the credits.  In the
future I suppose that needs to change because external contributions
will become the norm.

I personally changed it mainly to reduce the amount of new stuff going
into that changelog. 

> 2. this practice of adding the version number at the end of your 
> name on the changelog line is completely ridiculous no matter who
> does it.

Discuss it on the list.  fedora.us has been requiring that for the
past year, while RH has been doing it in most cases.  I am not about to
change now unless the entire group agrees on it.
Comment 5 Seth Vidal 2004-01-17 17:35:57 EST
1. Boy that seems odd to me given that my name is all over the vsftpd
changelog. rpm -q --changelog vsftpd and tell me what you see.

2. I will.
Comment 6 Warren Togami 2004-01-17 20:33:10 EST
1. It wasn't a policy.  I just noticed it was done to me a dozen times
in various packages.
Comment 7 Miloslav Trmac 2004-03-11 08:42:59 EST
Fixed in FEDORA-2004-058.
