Bug 45957 - Midnight Commander: Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
Importance: Highest critical
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-28 02:26 UTC by Tobias Weisserth
Modified: 2004-09-22 21:42 UTC

See Also:
Package list:
Runtime testing required: ---
klieber: Pending-


Description Tobias Weisserth 2004-03-28 02:26:42 UTC
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.

See URL for more information.

Reproducible: Always
Steps to Reproduce:

This has been posted as a SCO OpenLinux advisory on Bugtraq and full-disclosure
on 25/03/2004.
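The defect class named in the description is a symlink target copied into a fixed-size stack buffer during path conversion without a bound check. The following is an added, constructed C illustration (not mc's vfs_s_resolve_symlink and not the project's patch): resolve_unchecked shows the unbounded-copy pattern, resolve_checked shows the bounded form that rejects a result that would not fit rather than truncating it, and the helper functions and PATH_CAP are assumptions made for this example only.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed cap for the example; mc uses its own path limits. */
#define PATH_CAP 64

/* Directory prefix of a link path, including the trailing '/', or 0 if none. */
static size_t dir_prefix_len(const char *link_path)
{
    const char *slash = strrchr(link_path, '/');
    return slash ? (size_t)(slash - link_path) + 1 : 0;
}

/* Defect pattern (hypothetical, kept only to show the class of bug):
 * the symlink target, which comes from the remote server, is copied into a
 * fixed-size stack buffer with no check against PATH_CAP.  A target longer
 * than the remaining space overruns 'buf'.  Never call this with untrusted
 * input; the example below does not exercise it with an oversized target. */
int resolve_unchecked(const char *link_path, const char *target,
                      char *out, size_t out_len)
{
    char buf[PATH_CAP];
    size_t dir_len = dir_prefix_len(link_path);

    memcpy(buf, link_path, dir_len);   /* unbounded */
    strcpy(buf + dir_len, target);     /* unbounded: overlong target overflows */
    snprintf(out, out_len, "%s", buf);
    return 0;
}

/* Hardened form: every write is bounded by the caller's real buffer size,
 * an absolute target replaces the directory part, and a result that would
 * not fit (including the NUL) is refused with -1 instead of being truncated,
 * because a silently truncated path may name a different object. */
int resolve_checked(const char *link_path, const char *target,
                    char *out, size_t out_len)
{
    size_t tgt_len = strlen(target);
    size_t dir_len = (target[0] == '/') ? 0 : dir_prefix_len(link_path);

    if (dir_len > out_len || tgt_len + 1 > out_len - dir_len)
        return -1;                       /* would overflow: reject */

    memcpy(out, link_path, dir_len);
    memcpy(out + dir_len, target, tgt_len + 1);  /* copies the NUL too */
    return 0;
}

/* Helper for checking behaviour: 1 = resolved and equal to 'expect',
 * 0 = rejected as too long, -1 = resolved but different from 'expect'. */
int resolve_matches(const char *link_path, const char *target, const char *expect)
{
    char out[PATH_CAP];
    if (resolve_checked(link_path, target, out, sizeof out) != 0)
        return 0;
    return strcmp(out, expect) == 0 ? 1 : -1;
}

/* Constructed oversized target (100 bytes) against a PATH_CAP buffer:
 * returns 1 when the checked resolver refuses it. */
int overlong_is_rejected(void)
{
    char target[101];
    char out[PATH_CAP];
    memset(target, 'a', 100);
    target[100] = '\0';
    return resolve_checked("/pub/link", target, out, sizeof out) == -1;
}

int main(void)
{
    char out[PATH_CAP];
    if (resolve_checked("/pub/dir/link", "../etc/motd", out, sizeof out) == 0)
        printf("relative target -> %s\n", out);
    if (resolve_checked("/pub/dir/link", "/var/tmp/x", out, sizeof out) == 0)
        printf("absolute target -> %s\n", out);
    printf("overlong target rejected: %s\n", overlong_is_rejected() ? "yes" : "no");
    return 0;
}
```

The size arithmetic in resolve_checked is written as two subtractions-free comparisons so it cannot itself wrap: dir_len is compared to out_len first, and only then is the remaining space compared with the target length plus its terminator.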
Comment 1 Kurt Lieber (RETIRED) gentoo-dev 2004-03-28 03:27:51 UTC
Heinrich -- could you take a look at this?
Comment 2 schaedpq 2004-03-28 04:11:54 UTC
I think this has been fixed in MC's CVS on 16 Oct 2003, in revision 1.75
of direntry.c, look at:
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c
I believe this issue is not fixed in Portage, because I find nothing in
the ChangeLog and no patch in files/.
It should be fixed in the latest test version, 4.6.1-pre1 (released
December 24, 2003). I'm afraid that the development of mc is not the
fastest and it could take some time until the next stable version is
released.
Either we wait or we could try to prepare a patch ourselves.
Unfortunately I'm not experienced enough in programming (in C), so I don't dare
to try this myself. The diff from 1.74 to the apparently fixed revision
1.75 can be found here:
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.74&r2=1.75
The diff between 1.57 (contained in the last stable version, mc-4.6.0)
and 1.75:
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.75&r2=1.57
Comment 3 Heinrich Wendel (RETIRED) gentoo-dev 2004-03-29 02:40:12 UTC
-r5 contains a fix, marked stable
Comment 4 Kurt Lieber (RETIRED) gentoo-dev 2004-03-29 02:42:54 UTC
adding herds and bumping priority.

Herdfolk -- please test and mark stable on your arches.
Comment 5 Lars Weiler (RETIRED) gentoo-dev 2004-03-29 02:55:17 UTC
It is already stable on all archs, so it seems we should just test it.
Comment 6 Sven Blumenstein (RETIRED) gentoo-dev 2004-03-29 03:41:20 UTC
Just curious, who marked it stable on sparc? I see no changelog entry for the KEYWORD change.
Comment 7 Lars Weiler (RETIRED) gentoo-dev 2004-03-29 04:23:08 UTC
Nevertheless, it works on ppc.  Removing from Cc.
Comment 8 Heinrich Wendel (RETIRED) gentoo-dev 2004-03-29 04:36:16 UTC
Sorry, I marked it stable on all arches since the patch was fairly trivial
Comment 9 Sven Blumenstein (RETIRED) gentoo-dev 2004-03-29 06:07:38 UTC
>> Sorry, I marked it stable on all arches since the patch was fairly trivial

Would be nice to mention this in the ChangeLog. Removing sparc, works fine.
Comment 10 Kurt Lieber (RETIRED) gentoo-dev 2004-03-29 07:41:22 UTC
GLSA 200403-09