|Summary:||Midnight Commander: Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c|
|Product:||Gentoo Security||Reporter:||Tobias Weisserth <tobias>|
|Component:||GLSA Errors||Assignee:||Gentoo Security <security>|
Description Tobias Weisserth 2004-03-28 02:26:42 UTC
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion. See URL for more information.

Reproducible: Always

Steps to Reproduce:
This has been posted as a SCO OpenLinux advisory on bugtraq and full-disclosure on 25/03/2004.
Comment 1 Kurt Lieber (RETIRED) 2004-03-28 03:27:51 UTC
Heinrich -- could you take a look at this?
Comment 2 schaedpq 2004-03-28 04:11:54 UTC
I think this has been fixed in MC's CVS on 16. Oct 2003, in revision 1.75 of direntry.c, look at:
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c

I believe this issue is not fixed in Portage, because I find nothing in Changelog and no patch in files/. It should be fixed in the latest test version, 4.6.1-pre1 (released December 24, 2003). I'm afraid that the development of mc is not the fastest and it could take some time until the next stable version is released. Either we wait or we could try to prepare a patch ourselves. Unfortunately I'm not experienced enough in programming (in C), so I don't dare to try this myself.

The diff from 1.74 to the apparently fixed revision 1.75 can be found here:
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.74&r2=1.75

The diff between 1.57 (contained in the last stable version, mc-4.6.0) and 1.75:
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.75&r2=1.57
Comment 3 Heinrich Wendel (RETIRED) 2004-03-29 02:40:12 UTC
-r5 contains a fix, marked stable
Comment 4 Kurt Lieber (RETIRED) 2004-03-29 02:42:54 UTC
adding herds and bumping priority. Herdfolk -- please test and mark stable on your arches.
Comment 5 Lars Weiler (RETIRED) 2004-03-29 02:55:17 UTC
It is already stable on all archs, so it seems we should just test it.
Comment 6 Sven Blumenstein (RETIRED) 2004-03-29 03:41:20 UTC
Just curious, who marked it stable on sparc? I see no changelog entry for the KEYWORD change.
Comment 7 Lars Weiler (RETIRED) 2004-03-29 04:23:08 UTC
Nevertheless, it works on ppc. Removing from Cc.
Comment 8 Heinrich Wendel (RETIRED) 2004-03-29 04:36:16 UTC
Sorry, I marked it stable on all arches since the patch was fairly trivial.
Comment 9 Sven Blumenstein (RETIRED) 2004-03-29 06:07:38 UTC
>> Sorry, I marked it stable on all arches since the patch was fairly trivial.

Would be nice to mention this in the ChangeLog. Removing sparc, works fine.
Comment 10 Kurt Lieber (RETIRED) 2004-03-29 07:41:22 UTC