Hi, Searching information about Midnight Commander on the net, I've found multiple documents saying:
"A vulnerability has been identified in Midnight Commander (mc), which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling symlinks in compressed files. This can be exploited by constructing a compressed file containing overly long, specially crafted symlinks. This will cause a stack overflow when a user tries to view the content of the malicious compressed file using mc. The vulnerability has been confirmed in version 4.5.55 but should reportedly affect versions 4.5.52 through 4.6.0." Where are currently using mc 4.6.0 on Solaris 9. What's the situation in our case? Does any correction exist? Regards. Philippe ----------------------------------------- Visit our website! http://www.nbb.be "DISCLAIMER: The content of this e-mail message should not be construed as binding on the part of the National Bank of Belgium (NBB) unless otherwise and previously stated. The opinions expressed in this message are solely those of the author and do not necessarily reflect NBB viewpoints, particularly when the content of this message, or part thereof, is private by nature or does not fall within the professional scope of its author." _______________________________________________ Mc mailing list http://mail.gnome.org/mailman/listinfo/mc
