Bug 148864 - CAN-2004-1004 multiple issues with mc (CAN-2004-1005 CAN-2005-1176)
CAN-2004-1004 multiple issues with mc (CAN-2004-1005 CAN-2005-1176)
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: mc (Show other bugs)
2.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jindrich Novy
Jay Turner
impact=moderate,public=20050214
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-16 09:15 EST by Josh Bressers
Modified: 2015-01-07 19:09 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-08 12:03:54 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2005-02-16 09:15:57 EST
Two issues with mc have been reported to the Debian BTS.  You can find more
information here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295261
Comment 1 Josh Bressers 2005-02-16 09:17:57 EST
This issue should also affect RHEL2.1
Comment 2 Leonard den Ottolander 2005-02-22 18:39:54 EST
Please compare https://bugzilla.fedora.us/show_bug.cgi?id=2405 and
http://www.debian.org/security/2005/dsa-639 (mc CAN-2004-1004,
CAN-2004-1005, CAN-2004-1009, CAN-2004-1090, CAN-2004-1091,
CAN-2004-1092, CAN-2004-1093, CAN-2004-1174, CAN-2004-1175 and
CAN-2004-1176). These issues all affect mc <= 4.5.55. CAN-2004-1004,
-1005 and 1176 affect mc-4.6.0.

These issues do *not* affect RHEL 4.

Sorry for not opening a bug report for RHEL 2.1 for this. Too busy
with Fedora Legacy (RHL 7.3).
Comment 3 Jindrich Novy 2005-02-23 08:57:01 EST
Fixed in CVS.

ChangeLog says:
- port patch for CAN-2004-1176 from upstream CVS
- port from fedora legacy - Leonard den Ottolander (#148864):
  - CAN-2004-1004 - clean
  - CAN-2004-1005 - drop charsets.c, boxes.c, cpio.c hunks,
    fixed in 4.5.51, port sfs.c and key.c

Leonard, please let me know if you want the patches for 4.5.51.
Comment 4 Josh Bressers 2005-02-25 10:28:10 EST
CAN-2004-1004
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and
earlier allow remote attackers to have an unknown impact.

CAN-2004-1005
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow
remote attackers to have an unknown impact.

CAN-2004-1176
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows
remote attackers to cause a denial of service.
Comment 5 Mark J. Cox (Product Security) 2005-03-04 04:08:41 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-217.html
Comment 6 Leonard den Ottolander 2005-03-06 12:00:41 EST
What about CAN-2004-1009, CAN-2004-1090, CAN-2004-1091, CAN-2004-1092,
CAN-2004-1093, CAN-2004-1174 and CAN-2004-1175 ??

Those issues affect mc <= 4.5.55 so they should also be fixed for RHEL
2.1.

It seems you think only CAN-2004-1004, CAN-2004-1005 and CAN-2005-1176
are relevant for RHEL 2.1. This is a false assumption.

Comment 7 Leonard den Ottolander 2005-03-06 12:05:29 EST
The full advisory for Debian features these bugs:

* CAN-2004-1004      Multiple format string vulnerabilities
* CAN-2004-1005      Multiple buffer overflows
* CAN-2004-1009      One infinite loop vulnerability
* CAN-2004-1090      Denial of service via corrupted section header
* CAN-2004-1091      Denial of service via null dereference
* CAN-2004-1092      Freeing unallocated memory
* CAN-2004-1093      Denial of service via use of already freed memory
* CAN-2004-1174      Denial of service via manipulating non-existing
file handles
* CAN-2004-1175      Unintended program execution via insecure
filename quoting
* CAN-2004-1176      Denial of service via a buffer underflow
Comment 8 Jindrich Novy 2005-03-07 11:04:29 EST
Leonard, thanks for noticing this.

Josh, do we need to open another bug for the noted CANs?
Comment 9 Josh Bressers 2005-03-07 11:19:27 EST
Jindrich,

Yes we'll want to open a new bug for all these issues.  We also need
to figure out what these are and find some fixes.  Do you know if/when
upstream has fixed these?
Comment 10 Jindrich Novy 2005-03-08 12:03:54 EST
CAN-2004-1009: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel versions unaffected
(gnome support dropped)

CAN-2004-1090: mc-4.5.51 (RHEL2.1) vulnerable, patch applied in FC3/devel mc version

CAN-2004-1091: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel versions unaffected
(gnome support dropped)

CAN-2004-1092: mc-4.5.51 (RHEL2.1) NOT vulnerable -> no implementation for
mc_mkstemps(), FC3/devel versions unaffected (no gnome support, fixed
implementattion of mc_mkstemps)

CAN-2004-1093: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel mc unaffected

CAN-2004-1174: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel mc unaffected

CAN-2004-1175: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel mc unaffected

Josh, could you please open a new bug for this? Note that only RHEL2.1 mc is
affected.

Closing ERRATA again because the CANs reported by the original bugreport are
resolved and erratum is released.
Comment 11 Leonard den Ottolander 2005-03-08 17:45:22 EST
Josh,

Just follow the pointers that I put in comment #2. See the SRPM for
RHL 7.3 or dig into Debian's patch archive to extract the appropriate
patches. They are clearly commented, but IIRC they are diffs of diffs.

Note You need to log in before you can comment on or make changes to this bug.