Bug 148864 - CAN-2004-1004 multiple issues with mc (CAN-2004-1005 CAN-2005-1176)
Summary: CAN-2004-1004 multiple issues with mc (CAN-2004-1005 CAN-2005-1176)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: mc
Version: 2.1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jindrich Novy
QA Contact: Jay Turner
URL:
Whiteboard: impact=moderate,public=20050214
Depends On:
Blocks:
Reported: 2005-02-16 14:15 UTC by Josh Bressers
Modified: 2015-01-08 00:09 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-03-08 17:03:54 UTC
Target Upstream Version:
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2005:217 | 0 | normal | SHIPPED_LIVE | Moderate: mc security update | 2005-03-04 05:00:00 UTC

Description Josh Bressers 2005-02-16 14:15:57 UTC
Two issues with mc have been reported to the Debian BTS.  You can find more
information here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295261

Comment 1 Josh Bressers 2005-02-16 14:17:57 UTC
This issue should also affect RHEL2.1

Comment 2 Leonard den Ottolander 2005-02-22 23:39:54 UTC
Please compare https://bugzilla.fedora.us/show_bug.cgi?id=2405 and
http://www.debian.org/security/2005/dsa-639 (mc CAN-2004-1004,
CAN-2004-1005, CAN-2004-1009, CAN-2004-1090, CAN-2004-1091,
CAN-2004-1092, CAN-2004-1093, CAN-2004-1174, CAN-2004-1175 and
CAN-2004-1176). These issues all affect mc <= 4.5.55. CAN-2004-1004,
-1005 and 1176 affect mc-4.6.0.

These issues do *not* affect RHEL 4.

Sorry for not opening a bug report for RHEL 2.1 for this. Too busy
with Fedora Legacy (RHL 7.3).


Comment 3 Jindrich Novy 2005-02-23 13:57:01 UTC
Fixed in CVS.

ChangeLog says:
- port patch for CAN-2004-1176 from upstream CVS
- port from fedora legacy - Leonard den Ottolander (#148864):
  - CAN-2004-1004 - clean
  - CAN-2004-1005 - drop charsets.c, boxes.c, cpio.c hunks,
    fixed in 4.5.51, port sfs.c and key.c

Leonard, please let me know if you want the patches for 4.5.51.

Comment 4 Josh Bressers 2005-02-25 15:28:10 UTC
CAN-2004-1004
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and
earlier allow remote attackers to have an unknown impact.

CAN-2004-1005
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow
remote attackers to have an unknown impact.

CAN-2004-1176
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows
remote attackers to cause a denial of service.

Comment 5 Mark J. Cox 2005-03-04 09:08:41 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-217.html


Comment 6 Leonard den Ottolander 2005-03-06 17:00:41 UTC
What about CAN-2004-1009, CAN-2004-1090, CAN-2004-1091, CAN-2004-1092,
CAN-2004-1093, CAN-2004-1174 and CAN-2004-1175 ??

Those issues affect mc <= 4.5.55 so they should also be fixed for RHEL
2.1.

It seems you think only CAN-2004-1004, CAN-2004-1005 and CAN-2005-1176
are relevant for RHEL 2.1. This is a false assumption.



Comment 7 Leonard den Ottolander 2005-03-06 17:05:29 UTC
The full advisory for Debian features these bugs:

* CAN-2004-1004      Multiple format string vulnerabilities
* CAN-2004-1005      Multiple buffer overflows
* CAN-2004-1009      One infinite loop vulnerability
* CAN-2004-1090      Denial of service via corrupted section header
* CAN-2004-1091      Denial of service via null dereference
* CAN-2004-1092      Freeing unallocated memory
* CAN-2004-1093      Denial of service via use of already freed memory
* CAN-2004-1174      Denial of service via manipulating non-existing file handles
* CAN-2004-1175      Unintended program execution via insecure filename quoting
* CAN-2004-1176      Denial of service via a buffer underflow


Comment 8 Jindrich Novy 2005-03-07 16:04:29 UTC
Leonard, thanks for noticing this.

Josh, do we need to open another bug for the noted CANs?

Comment 9 Josh Bressers 2005-03-07 16:19:27 UTC
Jindrich,

Yes we'll want to open a new bug for all these issues.  We also need
to figure out what these are and find some fixes.  Do you know if/when
upstream has fixed these?

Comment 10 Jindrich Novy 2005-03-08 17:03:54 UTC
CAN-2004-1009: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel versions unaffected
(gnome support dropped)

CAN-2004-1090: mc-4.5.51 (RHEL2.1) vulnerable, patch applied in FC3/devel mc version

CAN-2004-1091: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel versions unaffected
(gnome support dropped)

CAN-2004-1092: mc-4.5.51 (RHEL2.1) NOT vulnerable -> no implementation for
mc_mkstemps(), FC3/devel versions unaffected (no gnome support, fixed
implementation of mc_mkstemps)

CAN-2004-1093: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel mc unaffected

CAN-2004-1174: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel mc unaffected

CAN-2004-1175: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel mc unaffected

Josh, could you please open a new bug for this? Note that only RHEL2.1 mc is
affected.

Closing ERRATA again because the CANs reported by the original bug report are
resolved and the erratum is released.


Comment 11 Leonard den Ottolander 2005-03-08 22:45:22 UTC
Josh,

Just follow the pointers that I put in comment #2. See the SRPM for
RHL 7.3 or dig into Debian's patch archive to extract the appropriate
patches. They are clearly commented, but IIRC they are diffs of diffs.


