[SECURITY] serious DoS possibility in Midnight Commander (mc)

To: debian-user@lists.debian.org
Subject: [SECURITY] serious DoS possibility in Midnight Commander (mc)
From: "Martin Bialasinski" <martin@internet-treff.uni-koeln.de>
Date: 20 Nov 2000 23:56:28 +0100
Message-id: <[🔎] 87hf52tfqb.fsf@haitech.martin.home>

-----BEGIN PGP SIGNED MESSAGE-----

Hi,

there is a problem with mc (BugTraq ID 1945), that allows any local
user to overwrite the first byte of any file (/vmlinuz, /dev/hda,
whatever) with a Zero.

A fixed package has been uploaded to unstable (4.5.51-11). Until fixed 
packages are created for stable I advice anyone using mc (dpkg -l mc
will show) to disable the cons.saver helper application using 

chmod -x /usr/lib/mc/bin/cons.saver

cons.saver is normaly used for a screensaver on the linux virtual
console.

Ciao,
        Martin

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBOhmsBnzgxeT40EqFAQElDAP9GoVaOkNYSkzTxQ90x+qWP0EM1+XsREyY
jfyXfOv1PRK8bP+HtXzbFi0A9djFGC98NkKDilMLWmheUToIHbTKB6lVEO+AMdts
zAz1RT5nbxx8dyMMObPzuNGuTlAi9QO7TDIbanG0SkiuHXP8YSRe7MJLUkEs+z6b
JTGgxs4NGus=
=EqZI
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: debianising DRI X source
Next by Date: Re: I want out!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Previous by thread: debianising DRI X source
Next by thread: GnomeCAD ?
Index(es):
- Date
- Thread