[SECURITY] serious DoS possibility in Midnight Commander (mc)
-----BEGIN PGP SIGNED MESSAGE-----
Hi,
there is a problem with mc (BugTraq ID 1945), that allows any local
user to overwrite the first byte of any file (/vmlinuz, /dev/hda,
whatever) with a Zero.
A fixed package has been uploaded to unstable (4.5.51-11). Until fixed
packages are created for stable I advice anyone using mc (dpkg -l mc
will show) to disable the cons.saver helper application using
chmod -x /usr/lib/mc/bin/cons.saver
cons.saver is normaly used for a screensaver on the linux virtual
console.
Ciao,
Martin
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQCVAwUBOhmsBnzgxeT40EqFAQElDAP9GoVaOkNYSkzTxQ90x+qWP0EM1+XsREyY
jfyXfOv1PRK8bP+HtXzbFi0A9djFGC98NkKDilMLWmheUToIHbTKB6lVEO+AMdts
zAz1RT5nbxx8dyMMObPzuNGuTlAi9QO7TDIbanG0SkiuHXP8YSRe7MJLUkEs+z6b
JTGgxs4NGus=
=EqZI
-----END PGP SIGNATURE-----
Reply to: