FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Midnight Commander buffer overflow during symlink resolution

Affected packages
mc < 4.6.0_9

Details

VuXML ID 322d4ff6-85c3-11d8-a41f-0020ed76ef5a
Discovery 2003-09-19
Entry 2004-04-03
Modified 2004-04-13

Midnight Commander uses a fixed-size stack buffer while resolving symbolic links within file archives (tar or cpio). If an attacker can cause a user to process a specially crafted file archive with Midnight Commander, the attacker may be able to obtain the privileges of the target user.

References

Bugtraq ID 8658
CVE Name CVE-2003-1023
Message E1A0LbX-000NPk-00.alienhard-mail-ru@f9.mail.ru