Bug 113849 - CAN-2003-1023 mc stack overflow
Summary: CAN-2003-1023 mc stack overflow
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: mc
Version: 9
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2004-01-19 15:25 UTC by Mark J. Cox
Modified: 2007-04-18 17:01 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-01-29 12:46:23 UTC
Embargoed:


Description Mark J. Cox 2004-01-19 15:25:55 UTC
A buffer overflow has been found in Midnight Commander's virtual
filesystem code. Specifically, a stack-based buffer overflow in
vfs_s_resolve_symlink of vfs/direntry.c allows remote attackers to
execute arbitrary code during symlink conversion.

Errata RHSA-2004:034 in progress

Comment 1 Leonard den Ottolander 2004-01-29 12:07:36 UTC
This is in ERRATA and can be closed as such.



Comment 2 Mark J. Cox 2004-01-29 12:46:23 UTC
Yeah, RHSA-2004:034 was released on the 21st:
http://rhn.redhat.com/errata/RHSA-2004-034.html

Comment 3 Leonard den Ottolander 2004-01-30 10:27:08 UTC
And what about Fedora Core (bug #114540)? A test update was made
available on the 19th, but no announcement was made on either the test
list, the main list or the devel list.

This update should be announced and moved to the main tree.

While I am at it let me shamelessly plug the one line fix from bug
#112644. Please get it in testing. I've been using it for over a month
without any problem.


