First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 45957
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Tobias Weisserth <tobias@weisserth.de>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
klieber:
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 45957 depends on: Show dependency tree
Bug 45957 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-03-28 02:26 0000 
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for
Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows
remote attackers to execute arbitrary code during symlink conversion.

See URL for more information.

Reproducible: Always
Steps to Reproduce:




This has been posted as a SCO OpenLInux advisory on bugtraq and full-disclosure
on 25/03/2004.

------- Comment #1 From Kurt Lieber 2004-03-28 03:27:51 0000 ------- 
Heinrich -- could you take a look at this?

------- Comment #2 From Dominik Schäfer 2004-03-28 04:11:54 0000 ------- 
I think this has been fixed in MCs CVS on 16. Oct 2003, in revision 1.75
of direntry.c, look at:
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c
I believe, this issue is not fixed in Portage, because I find nothing in
Changelog and no patch in files/.
It should be fixed in the latest test version, 4.6.1-pre1 (released
December 24, 2003). I'm afraid that the development of mc is not the
fastest and it could take some time until the next stable version is
released.
Either we wait or we could try to prepare a patch ourselves.
Unfortunately I'm not experienced enough in programming (in C) so I don't dare
to try this myself. The diff from 1.74 to the apparently fixed reversion
1.75 can be found here:
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.74&r2=1.75
The diff between 1.57 (contained in the last stable version, mc-4.6.0)
and 1.75:
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.75&r2=1.57

------- Comment #3 From Heinrich Wendel (RETIRED) 2004-03-29 02:40:12 0000 ------- 
-r5 contains a fix, marked stable

------- Comment #4 From Kurt Lieber 2004-03-29 02:42:54 0000 ------- 
adding herds and bumping priority.

Herdfolk -- please test and mark stable on your arches.

------- Comment #5 From Lars Weiler (RETIRED) 2004-03-29 02:55:17 0000 ------- 
It is already stable on all archs, so it seems we should just test it.

------- Comment #6 From Sven Blumenstein (RETIRED) 2004-03-29 03:41:20 0000 ------- 
Just curious, who marked it stable on sparc? I see no changelog entry for the
KEYWORD change.

------- Comment #7 From Lars Weiler (RETIRED) 2004-03-29 04:23:08 0000 ------- 
Nevertheless, it works on ppc.  Removing from Cc.

------- Comment #8 From Heinrich Wendel (RETIRED) 2004-03-29 04:36:16 0000 ------- 
sorry, i marked it stable on all arches since the patch was fairly trivial

------- Comment #9 From Sven Blumenstein (RETIRED) 2004-03-29 06:07:38 0000 ------- 
>> sorry, i marked it stable on all arches since the patch was fairly trivial

Would be nice to mention this in the ChangeLog. Removing sparc, works fine.

------- Comment #10 From Kurt Lieber 2004-03-29 07:41:22 0000 ------- 
glsa 200403-09
First Last Prev Next    No search results available      Search page      Enter new bug