[11643] in bugtraq
Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock
daemon@ATHENA.MIT.EDU (Norbert Warmuth)
Wed Sep 1 23:34:51 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <14282.6738.523996.809083@floh.privat.circular.de>
Date: Mon, 30 Aug 1999 08:11:36 +0200
Reply-To: nwarmuth@PRIVAT.CIRCULAR.DE
From: Norbert Warmuth <nwarmuth@PRIVAT.CIRCULAR.DE>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl>
Michal Zalewski writes:
> ------------------
> mc, ftp:// and $()
> ------------------
>
> Compromise: remote/local user's privledges
>
> Midnight Commander ftp client has an overflow while reading server
> responses - long enough message will result in beautiful overflow. Enjoy.
An off-by-one error, hardly to exploit especially since the value written
is always '\0'.
> Also, mc seems to have serious problems with directories containing shell
> commands enclosed in $(...) construction. Bad.
What are you talking about? Please send details to mc-bugs@nuclecu.unam.mx.
If you refer to uncompressing gzip'd files this bug was fixed on
18.08.99 (release 4.5.38).
Regards,
Norbert
