[MBT] new ticket for pkg mc "allows remote attackers to execute arbitrary code during symlink conversion"
bugs at pld-linux.org
bugs at pld-linux.org
Wed Jan 28 16:36:28 CET 2004
Date: 2004-01-28 16:36:27+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: allows remote attackers to execute arbitrary code during symlink conversion
Ticket ID: #815
Ticket URL: http://bugs.pld-linux.org/?bug=815
Package: mc-1:4.5.55-10
Distribution: PLD-1.0.main
Category: security problem
Current state: opened
Text:
For details see CAN-2003-1023:
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.
Also DSA 424-1
Further I believe this is the issue mentioned in the following SuSE SA:
SuSE-SA:2003:044
SuSE-SA:2003:045
SuSE-SA:2003:046
SuSE-SA:2003:047
SuSE-SA:2003:049
SuSE-SA:2003:050
SuSE-SA:2003:051
SuSE-SA:2004:001
SuSE-SA:2004:002
More information about the pld-bugs
mailing list