Hello, On Thu, 7 Apr 2005, Cleve Philippe wrote:
> Hi, > > Searching information about Midnight Commander on the net, I've found > multiple documents saying: > > "A vulnerability has been identified in Midnight Commander (mc), which > potentially can be exploited by malicious people to compromise a user's > system. > > The vulnerability is caused due to a boundary error when handling > symlinks in compressed files. This can be exploited by constructing a > compressed file containing overly long, specially crafted symlinks. This > will cause a stack overflow when a user tries to view the content of the > malicious compressed file using mc. > > The vulnerability has been confirmed in version 4.5.55 but should > reportedly affect versions 4.5.52 through 4.6.0." > > Where are currently using mc 4.6.0 on Solaris 9. > > What's the situation in our case? Your version has this vulnerability. > Does any correction exist? Yes. This vulnerability has been fixed in MC 4.6.1-pre2 and up. You can download an unofficial release from http://pavelsh.pp.ru/wiki/doku.php?id=mc-prerelease or get MC from CVS (use the MC_4_6_1_PRE branch). _______________________________________________ Mc mailing list http://mail.gnome.org/mailman/listinfo/mc
