Midnight Commander Insert_Text Buffer Overflow Vulnerability

Bugtraq ID:	12928
Class:	Boundary Condition Error
CVE:	CVE-2005-0763
Remote:	No
Local:	Yes
Published:	Mar 29 2005 12:00AM
Updated:	Jul 12 2009 11:56AM
Credit:	Discovery is credited to Andrew V. Samoilov.
Vulnerable:	Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Midnight Commander Midnight Commander 4.5.55 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Mandriva Linux Mandrake 9.0 + SuSE Linux 8.1 + SuSE Linux 8.0 Midnight Commander Midnight Commander 4.5.54 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 Midnight Commander Midnight Commander 4.5.52 Midnight Commander Midnight Commander 4.5.51 + SCO OpenLinux Server 3.1.1 + SCO OpenLinux Workstation 3.1.1 Midnight Commander Midnight Commander 4.5.50 Midnight Commander Midnight Commander 4.5.49 Midnight Commander Midnight Commander 4.5.48 Midnight Commander Midnight Commander 4.5.47 Midnight Commander Midnight Commander 4.5.46 Midnight Commander Midnight Commander 4.5.45 Midnight Commander Midnight Commander 4.5.44 Midnight Commander Midnight Commander 4.5.43 Midnight Commander Midnight Commander 4.5.42 Midnight Commander Midnight Commander 4.5.41 Midnight Commander Midnight Commander 4.5.40
Not Vulnerable:

Midnight Commander Insert_Text Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in Midnight Commander. The vulnerability is caused by insufficient bounds checking of external data supplied to the 'insert_text()' function.

This issue may allow local attackers to execute arbitrary code in the context of another user.

Midnight Commander Insert_Text Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Midnight Commander Insert_Text Buffer Overflow Vulnerability

Solution:
Red Hat has released advisory RHSA-2005:512-08 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

TurboLinux has released advisory TLSA-2005-46 to address this issue. Please see the attached advisory for further information on obtaining and applying fixes.

Debian has released advisory DSA 698-1 to address this issue. Please see the attached advisory for further information on obtaining and applying fixes.

---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.


Midnight Commander Midnight Commander 4.5.54

• TurboLinux mc-4.5.54-8.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/mc-4.5.54-8.i586.rpm


• TurboLinux mc-4.5.54-8.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/mc-4.5.54-8.i586.rpm


• TurboLinux mc-4.5.54-8.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/mc-4.5.54-8.i586.rpm


• TurboLinux mc-4.5.54-8.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/mc-4.5.54-8.i586.rpm

Midnight Commander Midnight Commander 4.5.55

• Debian gmc_4.5.55-1.2woody6_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _alpha.deb


• Debian gmc_4.5.55-1.2woody6_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _arm.deb


• Debian gmc_4.5.55-1.2woody6_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _hppa.deb


• Debian gmc_4.5.55-1.2woody6_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _i386.deb


• Debian gmc_4.5.55-1.2woody6_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _ia64.deb


• Debian gmc_4.5.55-1.2woody6_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _m68k.deb


• Debian gmc_4.5.55-1.2woody6_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _mips.deb


• Debian gmc_4.5.55-1.2woody6_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _mipsel.deb


• Debian gmc_4.5.55-1.2woody6_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _powerpc.deb


• Debian gmc_4.5.55-1.2woody6_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _s390.deb


• Debian gmc_4.5.55-1.2woody6_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6 _sparc.deb


• Debian mc-common_4.5.55-1.2woody6_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_alpha.deb


• Debian mc-common_4.5.55-1.2woody6_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_arm.deb


• Debian mc-common_4.5.55-1.2woody6_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_hppa.deb


• Debian mc-common_4.5.55-1.2woody6_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_i386.deb


• Debian mc-common_4.5.55-1.2woody6_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_ia64.deb


• Debian mc-common_4.5.55-1.2woody6_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_m68k.deb


• Debian mc-common_4.5.55-1.2woody6_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_mips.deb


• Debian mc-common_4.5.55-1.2woody6_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_mipsel.deb


• Debian mc-common_4.5.55-1.2woody6_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_powerpc.deb


• Debian mc-common_4.5.55-1.2woody6_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_s390.deb


• Debian mc-common_4.5.55-1.2woody6_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody6_sparc.deb


• Debian mc_4.5.55-1.2woody6_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ alpha.deb


• Debian mc_4.5.55-1.2woody6_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ arm.deb


• Debian mc_4.5.55-1.2woody6_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ hppa.deb


• Debian mc_4.5.55-1.2woody6_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ i386.deb


• Debian mc_4.5.55-1.2woody6_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ ia64.deb


• Debian mc_4.5.55-1.2woody6_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ m68k.deb


• Debian mc_4.5.55-1.2woody6_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ mips.deb


• Debian mc_4.5.55-1.2woody6_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ mipsel.deb


• Debian mc_4.5.55-1.2woody6_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ powerpc.deb


• Debian mc_4.5.55-1.2woody6_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ s390.deb


• Debian mc_4.5.55-1.2woody6_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ sparc.deb

Midnight Commander Insert_Text Buffer Overflow Vulnerability

References:

• Midnight Commander Homepage (Midnight Commander)
  
• RHSA-2005:512-08 - mc security update (RedHat)