Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion. See URL for more information.
Reproducible: Always
Steps to Reproduce: This has been posted as a SCO OpenLinux advisory on bugtraq and full-disclosure on 25/03/2004.
Heinrich -- could you take a look at this?
I think this has been fixed in MC's CVS on 16 Oct 2003, in revision 1.75 of direntry.c, look at: http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c I believe this issue is not fixed in Portage, because I find nothing in the ChangeLog and no patch in files/. It should be fixed in the latest test version, 4.6.1-pre1 (released December 24, 2003). I'm afraid that the development of mc is not the fastest and it could take some time until the next stable version is released. Either we wait or we could try to prepare a patch ourselves. Unfortunately I'm not experienced enough in programming (in C), so I don't dare to try this myself. The diff from 1.74 to the apparently fixed revision 1.75 can be found here: http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.74&r2=1.75 The diff between 1.57 (contained in the last stable version, mc-4.6.0) and 1.75: http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.75&r2=1.57
-r5 contains a fix, marked stable
Adding herds and bumping priority. Herdfolk -- please test and mark stable on your arches.
It is already stable on all archs, so it seems we should just test it.
Just curious, who marked it stable on sparc? I see no changelog entry for the KEYWORD change.
Nevertheless, it works on ppc. Removing from Cc.
Sorry, I marked it stable on all arches since the patch was fairly trivial.
> sorry, i marked it stable on all arches since the patch was fairly trivial
Would be nice to mention this in the ChangeLog. Removing sparc, works fine.
GLSA 200403-09