Vulnerability Development mailing list archives

Re: minor (?) mc bug

From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sat, 13 Nov 1999 12:53:54 -0800


m4rcyS wrote:


Hi,

I think that's nothing dangerous but plz try this by yourself.

Run mc. Press F9, select Right/Left, select Tree. All is ok so
far, but do the same sequence once more and ... voila, nice
seg fault. Gdb says that there is overflow in strcpy(). Plz check
this out.


A quick glance at a RH 5.2-based system I have indicates that mc was not
setuid or setgid.  I can't really imagine it being used via CGI or anything
like that.

Does anyone know if it's ever used in any context that would permit
privilege elevation?  Captive shell or something, perhaps?

I've got nothing against fixing bugs in programs, but if there's not a
security impact this may not be the most appropriate forum.

                                                        BB

Current thread:

MS Outlook javascript parsing bug Mikael Olsson (Nov 09)
- Open Port on Win98 box tschweikle () FIDUCIA DE (Nov 10)
  - Re: Open Port on Win98 box Marc Esipovich (Nov 09)
    - Re: Open Port on Win98 box Marc Esipovich (Nov 09)
    - Re: Open Port on Win98 box Mike Bush (Nov 13)
  - Re: Open Port on Win98 box Blue Boar (Nov 10)
    - Re: Open Port on Win98 box Dragos Ruiu (Nov 10)
    - minor (?) mc bug m4rcyS (Nov 10)
    - Re: minor (?) mc bug Blue Boar (Nov 13)
    - potential chage ovf m4rcyS (Nov 17)
- Re: MS Outlook javascript parsing bug Mikael Olsson (Nov 10)
- <Possible follow-ups>
- Re: MS Outlook javascript parsing bug Reed, David (Nov 10)