Vulnerability Development mailing list archives
Re: minor (?) mc bug
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sat, 13 Nov 1999 12:53:54 -0800
m4rcyS wrote:
Hi, I think that's nothing dangerous but plz try this by yourself. Run mc. Press F9, select Right/Left, select Tree. All is ok so far, but do the same sequence once more and ... voila, nice seg fault. Gdb says that there is overflow in strcpy(). Plz check this out.
A quick glance at a RH 5.2-based system I have indicates that mc was not setuid or setgid. I can't really imagine it being used via CGI or anything like that. Does anyone know if it's ever used in any context that would permit privilege elevation? Captive shell or something, perhaps? I've got nothing against fixing bugs in programs, but if there's not a security impact this may not be the most appropriate forum. BB
Current thread:
- MS Outlook javascript parsing bug Mikael Olsson (Nov 09)
- Open Port on Win98 box tschweikle () FIDUCIA DE (Nov 10)
- Re: Open Port on Win98 box Marc Esipovich (Nov 09)
- Re: Open Port on Win98 box Marc Esipovich (Nov 09)
- Re: Open Port on Win98 box Mike Bush (Nov 13)
- Re: Open Port on Win98 box Marc Esipovich (Nov 09)
- Re: Open Port on Win98 box Blue Boar (Nov 10)
- Re: Open Port on Win98 box Dragos Ruiu (Nov 10)
- minor (?) mc bug m4rcyS (Nov 10)
- Re: minor (?) mc bug Blue Boar (Nov 13)
- potential chage ovf m4rcyS (Nov 17)
- Open Port on Win98 box tschweikle () FIDUCIA DE (Nov 10)
- <Possible follow-ups>
- Re: MS Outlook javascript parsing bug Reed, David (Nov 10)