Vulnerability Details CVE-2003-1023
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.083
EPSS Ranking 91.8%
CVSS Severity
CVSS v2 Score 7.5
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt
- ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833
- http://fedoranews.org/updates/FEDORA-2004-058.shtml
- http://marc.info/?l=bugtraq&m=108118433222764&w=2
- http://rhn.redhat.com/errata/RHSA-2004-034.html
- http://rhn.redhat.com/errata/RHSA-2004-035.html
- http://secunia.com/advisories/10645
- http://secunia.com/advisories/10685
- http://secunia.com/advisories/10716
- http://secunia.com/advisories/10772
- http://secunia.com/advisories/10823
- http://secunia.com/advisories/11219
- http://secunia.com/advisories/11262
- http://secunia.com/advisories/11268
- http://secunia.com/advisories/11296
- http://secunia.com/advisories/9833
- http://security.gentoo.org/glsa/glsa-200403-09.xml
- http://www.debian.org/security/2004/dsa-424
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:007
- http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html
- http://www.securityfocus.com/bid/8658
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13247
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt
- ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833
- http://fedoranews.org/updates/FEDORA-2004-058.shtml
- http://marc.info/?l=bugtraq&m=108118433222764&w=2
- http://rhn.redhat.com/errata/RHSA-2004-034.html
- http://rhn.redhat.com/errata/RHSA-2004-035.html
- http://secunia.com/advisories/10645
- http://secunia.com/advisories/10685
- http://secunia.com/advisories/10716
- http://secunia.com/advisories/10772
- http://secunia.com/advisories/10823
- http://secunia.com/advisories/11219
- http://secunia.com/advisories/11262
- http://secunia.com/advisories/11268
- http://secunia.com/advisories/11296
- http://secunia.com/advisories/9833
- http://security.gentoo.org/glsa/glsa-200403-09.xml
- http://www.debian.org/security/2004/dsa-424
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:007
- http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html
- http://www.securityfocus.com/bid/8658
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13247
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822
Products affected by CVE-2003-1023
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.52
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.55
-
cpe:2.3:a:midnight_commander:midnight_commander:4.6