Hello, On Thu, 7 Apr 2005, Leonard den Ottolander wrote:
> Hello Cleve, > > On Thu, 2005-04-07 at 15:16, Cleve Philippe wrote: > > "A vulnerability has been identified in Midnight Commander (mc), which > > potentially can be exploited by malicious people to compromise a user's > > system. > > Would you happen to have a CAN number for this issue, or another > reference? If this issue doesn't yet have a CAN number maybe we should > get one assigned? >From the original message [...] The vulnerability is caused due to a boundary error when handling symlinks in compressed files. This can be exploited by constructing a compressed file containing overly long, specially crafted symlinks. This will cause a stack overflow when a user tries to view the content of the malicious compressed file using mc. [...] which appears to be CAN-2003-1023. _______________________________________________ Mc mailing list http://mail.gnome.org/mailman/listinfo/mc
