Bugzilla – Bug 75242
VUL-0: CVE-2005-0763: mc: missed mc patch
Last modified: 2021-09-25 15:37:29 UTC
Debian missed a patch, looks like we too.

Date: Wed, 30 Mar 2005 12:26:05 +0200
From: Martin Schulze <joey@infodrom.org>
To: Ludwig Nussel <ludwig.nussel@suse.de>
Subject: Re: [SECURITY] [DSA 698-1] New mc packages fix buffer overflow

Ludwig Nussel wrote:
> Martin Schulze wrote:
> > Package : mc
> > Vulnerability : buffer overflow
> > Problem-Type : local
> > Debian-specific: no
> > CVE ID : CAN-2005-0763
> >
> > An unfixed buffer overflow has been discovered by Andrew V. Samoilov
> > in mc, the midnight commander, a file browser and manager. This update
> > also fixes a regression from DSA 497.
>
> You say it's not debian specific, do you have any details on this?

Sure, see the attached patch. It's basically an old issue that we've
missed in the other round of updates. It's fixed in current versions of mc.

Regards,

Joey

-- 
We all know Linux is great... it does infinite loops in 5 seconds.
-- Linus Torvalds

diff -u mc-4.5.55/debian/changelog mc-4.5.55/debian/changelog --- mc-4.5.55/debian/changelog +++ mc-4.5.55/debian/changelog @@ -1,3 +1,14 @@ +mc (4.5.55-1.2woody6) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Applied patch by Andrew V. Samoilov to fix another buffer overflow + [src/complete.c, debian/patches/52_security_CAN-2005-0763.diff] + + -- Martin Schulze <joey@infodrom.org> Fri, 18 Mar 2005 09:34:08 +0100 + mc (4.5.55-1.2woody5) stable-security; urgency=high * Non-maintainer upload by the Security Team only in patch2: unchanged: --- mc-4.5.55.orig/debian/patches/52_security_CAN-2005-0763.diff +++ mc-4.5.55/debian/patches/52_security_CAN-2005-0763.diff 
@@ -0,0 +1,14 @@ +diff -u -p -Nr --exclude CVS mc-4.5.55.orig/src/complete.c mc-4.5.55/src/complete.c +--- mc-4.5.55.orig/src/complete.c 2005-03-17 16:13:29.000000000 +0100 ++++ mc-4.5.55/src/complete.c 2005-03-17 16:22:40.000000000 +0100 +@@ -827,8 +827,8 @@ static int insert_text (WInput *in, char + } + if (strlen (in->buffer)+1 < in->current_max_len){ + if (len > 0){ +- int i, l = strlen (&in->buffer [end]); +- for (i = l + 1; i >= 0; i--) ++ int i = strlen (&in->buffer [end]); ++ for (; i >= 0; i--) + in->buffer [end + len + i] = in->buffer [end + i]; + } else if (len < 0){ + char *p = in->buffer + end + len, *q = in->buffer + end;
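
Review bot: In the `len > 0` branch of insert_text() in src/complete.c, the corrected loop still depends on a guard that never looks at len: `strlen (in->buffer)+1 < in->current_max_len` only shows that the current string fits, while the shift writes up to in->buffer [end + len + strlen (&in->buffer [end])]. Unless the code above the hunk (not visible here) has already grown the buffer or bounded len, that highest index should be checked against in->current_max_len explicitly before the copy. The off-by-one itself is removed correctly: starting at i = strlen (&in->buffer [end]) moves the tail and its terminating NUL and nothing more, where the old start of l + 1 also moved one byte past the NUL. Replacing the hand-written backwards copy with memmove (&in->buffer [end + len], &in->buffer [end], strlen (&in->buffer [end]) + 1) would make the byte count explicit and harder to get wrong again.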
Created attachment 32917 patch.CAN-2005-0763.mc
Only mc 4.5.55 in sles8 is affected.
Package for sles8 submitted. Can you please submit patchinfo?
done, swampid 732
released
CVE-2005-0763: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)