Test ID:	1.3.6.1.4.1.25623.1.0.51337
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:833
Summary:	Conectiva Security Advisory CLA-2004:833
Description:	The remote host is missing updates announced in advisory CLA-2004:833. Midnight Commander (MC) is a visual shell and a file manager for text consoles. This update fixes a buffer overflow vulnerability[1] in the code that handles symlinks in the virtual filesystem module. An attacker could create a specially crafted archive (like a .tar.gz or a cpio file) containing symlinks that when opened by an mc user would trigger the execution of arbitrary code with its privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-1023 to this issue[2]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityfocus.com/bid/8658/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1023 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:833 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1023 Bugtraq: 20030919 uninitialized buffer in midnight commander (Google Search) http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html Caldera Security Advisory: CSSA-2004-014.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt http://fedoranews.org/updates/FEDORA-2004-058.shtml http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html http://security.gentoo.org/glsa/glsa-200403-09.xml Bugtraq: 20040405 [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=108118433222764&w=2 Conectiva Linux advisory: CLA-2004:833 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833 Debian Security Information: DSA-424 (Google Search) http://www.debian.org/security/2004/dsa-424 RedHat Security Advisories: RHSA-2004:034 http://rhn.redhat.com/errata/RHSA-2004-034.html RedHat Security Advisories: RHSA-2004:035 http://rhn.redhat.com/errata/RHSA-2004-035.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:007 SGI Security Advisory: 20040201-01-U ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc BugTraq ID: 8658 http://www.securityfocus.com/bid/8658 http://secunia.com/advisories/10645 http://secunia.com/advisories/10685 http://secunia.com/advisories/10716 http://secunia.com/advisories/10772 http://secunia.com/advisories/10823 http://secunia.com/advisories/11219 http://secunia.com/advisories/11262 http://secunia.com/advisories/11268 http://secunia.com/advisories/9833 http://secunia.com/advisories/11296 XForce ISS Database: midnight-commander-vfssresolvesymlink-bo(13247) http://xforce.iss.net/xforce/xfdb/13247 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:822
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: