Bug 75242 (CVE-2005-0763)

Summary: VUL-0: CVE-2005-0763: mc: missed mc patch
Product: [Novell Products] SUSE Security Incidents
Reporter: Ludwig Nussel <lnussel>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: All
Whiteboard: CVE-2005-0763: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: patch.CAN-2005-0763.mc

Description Ludwig Nussel 2005-03-30 10:40:00 UTC
Debian missed a patch; looks like we did too.

Date: Wed, 30 Mar 2005 12:26:05 +0200
From: Martin Schulze <joey@infodrom.org>
To: Ludwig Nussel <ludwig.nussel@suse.de>
Subject: Re: [SECURITY] [DSA 698-1] New mc packages fix buffer overflow

Ludwig Nussel wrote:
> Martin Schulze wrote:
> > Package        : mc
> > Vulnerability  : buffer overflow
> > Problem-Type   : local
> > Debian-specific: no
> > CVE ID         : CAN-2005-0763
> > 
> > An unfixed buffer overflow has been discovered by Andrew V. Samoilov
> > in mc, the midnight commander, a file browser and manager.  This update
> > also fixes a regression from DSA 497.
> 
> You say it's not debian specific, do you have any details on this?

Sure, see the attached patch.  It's basically an old issue that we've
missed in the other round of updates.  It's fixed in current versions
of mc.

Regards,

	Joey

-- 
We all know Linux is great... it does infinite loops in 5 seconds.
        -- Linus Torvalds

diff -u mc-4.5.55/debian/changelog mc-4.5.55/debian/changelog
--- mc-4.5.55/debian/changelog
+++ mc-4.5.55/debian/changelog
@@ -1,3 +1,14 @@
+mc (4.5.55-1.2woody6) stable-security; urgency=high
+
+  * Non-maintainer upload by the Security Team
+  * Applied patch by Andrew V. Samoilov to fix another buffer overflow
+    [src/complete.c, debian/patches/52_security_CAN-2005-0763.diff]
+
+ -- Martin Schulze <joey@infodrom.org>  Fri, 18 Mar 2005 09:34:08 +0100
+
 mc (4.5.55-1.2woody5) stable-security; urgency=high
 
   * Non-maintainer upload by the Security Team
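
Review bot: The new 4.5.55-1.2woody6 changelog entry says only "fix another buffer overflow" and does not name the affected function or the kind of bug, and the CVE id appears only inside the patch file name. Suggest wording it so that someone auditing the package later can match it to the code change, for example by naming insert_text() in src/complete.c, stating that the tail-shifting loop copied one byte too many, and citing CAN-2005-0763 in the entry text itself.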
only in patch2:
unchanged:
--- mc-4.5.55.orig/debian/patches/52_security_CAN-2005-0763.diff
+++ mc-4.5.55/debian/patches/52_security_CAN-2005-0763.diff
@@ -0,0 +1,14 @@
+diff -u -p -Nr --exclude CVS mc-4.5.55.orig/src/complete.c mc-4.5.55/src/complete.c
+--- mc-4.5.55.orig/src/complete.c	2005-03-17 16:13:29.000000000 +0100
++++ mc-4.5.55/src/complete.c	2005-03-17 16:22:40.000000000 +0100
+@@ -827,8 +827,8 @@ static int insert_text (WInput *in, char
+     }
+     if (strlen (in->buffer)+1 < in->current_max_len){
+     	if (len > 0){
+-	    int i, l = strlen (&in->buffer [end]);
+-	    for (i = l + 1; i >= 0; i--)
++	    int i = strlen (&in->buffer [end]);
++	    for (; i >= 0; i--)
+ 	        in->buffer [end + len + i] = in->buffer [end + i];
+ 	} else if (len < 0){
+ 	    char *p = in->buffer + end + len, *q = in->buffer + end;
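
Review bot: In insert_text(), the guard on the context line above the loop, strlen (in->buffer)+1 < in->current_max_len, does not take len into account, while the corrected loop still writes as far as in->buffer [end + len + i] with i starting at strlen (&in->buffer [end]), so the terminator lands at offset strlen (in->buffer) + len. The new start index is right (it moves the tail plus its NUL and no longer the byte after it), but the hunk does not show that the buffer has room for len more bytes; please confirm that the block closed by the first context line grows in->buffer accordingly, or tighten the condition to cover len. It would also be clearer to replace the hand-written backward loop with memmove (in->buffer + end + len, in->buffer + end, strlen (in->buffer + end) + 1), which states the byte count explicitly and avoids holding a strlen result in an int.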

Comment 1 Ludwig Nussel 2005-03-30 10:45:05 UTC
Created attachment 32917
patch.CAN-2005-0763.mc

Comment 2 Vladimir Nadvornik 2005-03-30 12:27:15 UTC
Only mc 4.5.55 in sles8 is affected.

Comment 3 Vladimir Nadvornik 2005-03-30 15:23:19 UTC
Package for sles8 submitted. Can you please submit patchinfo?

Comment 4 Ludwig Nussel 2005-03-30 15:41:54 UTC
done, swampid 732

Comment 5 Marcus Meissner 2005-04-14 11:15:27 UTC
released

Comment 6 Thomas Biege 2009-10-13 21:14:48 UTC
CVE-2005-0763: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)