FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2003-1023

This CVE name corresponds to:

Entered     Topic
2004-04-03  Midnight Commander buffer overflow during symlink resolution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2003-1023
Phase  Assigned (20040105)

Description

Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.

References

Source Reference
BUGTRAQ 20030919 uninitialized buffer in midnight commander
CALDERA CSSA-2004-014.0
FEDORA FEDORA-2004-058
FEDORA FLSA:1224
GENTOO GLSA-200403-09
BUGTRAQ 20040405 [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc)
CONECTIVA CLA-2004:833
DEBIAN DSA-424
REDHAT RHSA-2004:034
REDHAT RHSA-2004:035
MANDRAKE MDKSA-2004:007
SGI 20040201-01-U
SGI 20040202-01-U
BID 8658
SECUNIA 10645
SECUNIA 10685
SECUNIA 10716
SECUNIA 10772
SECUNIA 10823
SECUNIA 11219
SECUNIA 11262
SECUNIA 11268
SECUNIA 9833
SECUNIA 11296
XF midnight-commander-vfssresolvesymlink-bo(13247)
OVAL oval:org.mitre.oval:def:822