Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 114540 - CAN-2003-1023 mc stack overflow
CAN-2003-1023 mc stack overflow
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: mc (Show other bugs)
1
All Linux
high Severity high
: ---
: ---
Assigned To: Jakub Jelinek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-01-29 07:10 EST by Leonard den Ottolander
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version: 4.6.0-8.4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-02-09 10:56:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Leonard den Ottolander 2004-01-29 07:10:14 EST 
A buffer overflow has been found in Midnight Commander's virtual
filesystem code. Specifically, a stack-based buffer overflow in
vfs_s_resolve_symlink of vfs/direntry.c allows remote attackers to
execute arbitrary code during symlink conversion.

Also see bug #113849 and bug #113850
Comment 2 Leonard den Ottolander 2004-02-04 16:32:26 EST 
The patch was already included in 8.1, but at that time not announced
as a security update (actually not announced at all).

8.4 should be pushed to the main update tree ASAP as this is a serious
vulnerability and not every body runs or checks testing, so I assume
90% of people running Fedora are still vulnerable.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.