Buffer overflow in Midnight Commander — GLSA 200403-09

A remotely-exploitable buffer overflow in Midnight Commander allows arbitrary code to be run on a user's computer.

Affected packages

app-misc/mc on all architectures
Affected versions <= 4.6.0-r4
Unaffected versions >= 4.6.0-r5

Background

Midnight Commander is a visual file manager.

Description

A stack-based buffer overflow has been found in Midnight Commander's virtual filesystem.

Impact

This overflow allows an attacker to run arbitrary code on the user's computer during the symlink conversion process.

Workaround

While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package.

Resolution

All users should upgrade to the current version of the affected package:

 # emerge sync
 
 # emerge -pv ">=app-misc/mc-4.6.0-r5"
 # emerge ">=app-misc/mc-4.6.0-r5"
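
To confirm which hosts still need the upgrade, the following added example (not part of the advisory) classifies an app-misc/mc version string against the ranges listed above. The function names are hypothetical; it assumes installed packages are recorded as directories under /var/db/pkg, and it handles only dotted numeric versions with an optional -rN revision, reporting anything else as unknown.

```shell
#!/bin/sh
# Added example, not part of the advisory. Simplified comparison: dotted
# numeric versions with an optional -rN revision only (no _pre/_rc suffixes).
FIXED="4.6.0-r5"   # first unaffected version, taken from the advisory

# ver_lt A B: status 0 if A < B, 1 if A >= B, 2 if either cannot be parsed.
ver_lt() {
    for v in "$1" "$2"; do
        printf '%s\n' "$v" | grep -Eq '^[0-9]+(\.[0-9]+)*(-r[0-9]+)?$' || return 2
    done
    a_base=${1%%-r*}; b_base=${2%%-r*}
    a_rev=0; b_rev=0
    case $1 in *-r*) a_rev=${1##*-r} ;; esac
    case $2 in *-r*) b_rev=${2##*-r} ;; esac
    # Compare dotted components numerically; a missing component counts as 0.
    while [ -n "$a_base" ] || [ -n "$b_base" ]; do
        a=${a_base%%.*}; b=${b_base%%.*}
        case $a_base in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case $b_base in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
        a=${a:-0}; b=${b:-0}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
    done
    [ "$a_rev" -lt "$b_rev" ]   # same base version: the revision decides
}

# mc_status VERSION: print affected, unaffected or unknown.
mc_status() {
    rc=0
    ver_lt "$1" "$FIXED" || rc=$?
    case $rc in
        0) echo affected ;;
        1) echo unaffected ;;
        *) echo unknown ;;
    esac
}

# installed_mc_versions [DBROOT]: installed mc versions, one per line, read
# from the installed-package database (assumed default: /var/db/pkg).
installed_mc_versions() {
    for d in "${1:-/var/db/pkg}"/app-misc/mc-[0-9]*; do
        [ -d "$d" ] && printf '%s\n' "${d##*/mc-}"
    done
    return 0
}

# Report every installed version; prints nothing when mc is not installed.
for v in $(installed_mc_versions); do
    echo "app-misc/mc-$v: $(mc_status "$v")"
done
```

A result of unknown means the version string needs a manual comparison against 4.6.0-r5.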

References

Release date
March 29, 2004

Latest revision
March 29, 2004: 01

Severity
high

Exploitable
remote

Bugzilla entries