Description: Several vulnerabilities were reported in Midnight Commander. A remote user can cause denial of service conditions or potentially execute arbitrary code.
Debian reported several vulnerabilities in Midnight Commander, including format string flaws, buffer overflows, memory allocation errors, and input validation bugs.
Affected files include 'vfs/extfs.c' [CVE: CAN-2004-1176], 'src/key.c', 'vfs/sfs.c', 'vfs/direntry.c', 'gtkedit/syntax.c', 'src/wtools.c', 'src/utilunix.c', 'src/boxes.c', 'src/charsets.c', and 'vfs/cpio.c' [CVE: CAN-2004-1005], 'vfs/fish.c' [CVE: CAN-2004-1175], 'vfs/direntry.c' [CVE: CAN-2004-1174], 'gtkedit/syntax.c' [CVE: CAN-2004-1009], 'src/utilunix.c' and 'vfs/fish.c' [CVE: CAN-2004-1004], 'src/profile.c' [CVE: CAN-2004-1090], 'src/find.c' [CVE: CAN-2004-1091], 'gtkedit/editcmd.c' [CVE: CAN-2004-1092], and 'src/key.c' [CVE: CAN-2004-1093].
Impact: A remote user can cause denial of service conditions.
A remote user may be able to execute arbitrary code [however, the report did not confirm code execution].
Solution: Fixes are available via CVS at:
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/