CVE-2003-1023

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2003-1023
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833
http://fedoranews.org/updates/FEDORA-2004-058.shtml
http://marc.info/?l=bugtraq&m=108118433222764&w=2
http://rhn.redhat.com/errata/RHSA-2004-034.html
http://rhn.redhat.com/errata/RHSA-2004-035.html
http://secunia.com/advisories/10645
http://secunia.com/advisories/10685
http://secunia.com/advisories/10716
http://secunia.com/advisories/10772
http://secunia.com/advisories/10823
http://secunia.com/advisories/11219
http://secunia.com/advisories/11262
http://secunia.com/advisories/11268
http://secunia.com/advisories/11296
http://secunia.com/advisories/9833
http://security.gentoo.org/glsa/glsa-200403-09.xml Vendor Advisory
http://www.debian.org/security/2004/dsa-424
http://www.mandriva.com/security/advisories?name=MDKSA-2004:007
http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html
http://www.securityfocus.com/bid/8658 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13247
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833
http://fedoranews.org/updates/FEDORA-2004-058.shtml
http://marc.info/?l=bugtraq&m=108118433222764&w=2
http://rhn.redhat.com/errata/RHSA-2004-034.html
http://rhn.redhat.com/errata/RHSA-2004-035.html
http://secunia.com/advisories/10645
http://secunia.com/advisories/10685
http://secunia.com/advisories/10716
http://secunia.com/advisories/10772
http://secunia.com/advisories/10823
http://secunia.com/advisories/11219
http://secunia.com/advisories/11262
http://secunia.com/advisories/11268
http://secunia.com/advisories/11296
http://secunia.com/advisories/9833
http://security.gentoo.org/glsa/glsa-200403-09.xml Vendor Advisory
http://www.debian.org/security/2004/dsa-424
http://www.mandriva.com/security/advisories?name=MDKSA-2004:007
http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html
http://www.securityfocus.com/bid/8658 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13247
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:midnight_commander:midnight_commander:4.5.52:*:*:*:*:*:*:*
cpe:2.3:a:midnight_commander:midnight_commander:4.5.55:*:*:*:*:*:*:*
cpe:2.3:a:midnight_commander:midnight_commander:4.6:*:*:*:*:*:*:*
History

20 Nov 2024, 23:46

Type Values Removed Values Added
References () ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt - () ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt -
References () ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc - () ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc -
References () ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc - () ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc -
References () http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html - () http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html -
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833 - () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833 -
References () http://fedoranews.org/updates/FEDORA-2004-058.shtml - () http://fedoranews.org/updates/FEDORA-2004-058.shtml -
References () http://marc.info/?l=bugtraq&m=108118433222764&w=2 - () http://marc.info/?l=bugtraq&m=108118433222764&w=2 -
References () http://rhn.redhat.com/errata/RHSA-2004-034.html - () http://rhn.redhat.com/errata/RHSA-2004-034.html -
References () http://rhn.redhat.com/errata/RHSA-2004-035.html - () http://rhn.redhat.com/errata/RHSA-2004-035.html -
References () http://secunia.com/advisories/10645 - () http://secunia.com/advisories/10645 -
References () http://secunia.com/advisories/10685 - () http://secunia.com/advisories/10685 -
References () http://secunia.com/advisories/10716 - () http://secunia.com/advisories/10716 -
References () http://secunia.com/advisories/10772 - () http://secunia.com/advisories/10772 -
References () http://secunia.com/advisories/10823 - () http://secunia.com/advisories/10823 -
References () http://secunia.com/advisories/11219 - () http://secunia.com/advisories/11219 -
References () http://secunia.com/advisories/11262 - () http://secunia.com/advisories/11262 -
References () http://secunia.com/advisories/11268 - () http://secunia.com/advisories/11268 -
References () http://secunia.com/advisories/11296 - () http://secunia.com/advisories/11296 -
References () http://secunia.com/advisories/9833 - () http://secunia.com/advisories/9833 -
References () http://security.gentoo.org/glsa/glsa-200403-09.xml - Vendor Advisory () http://security.gentoo.org/glsa/glsa-200403-09.xml - Vendor Advisory
References () http://www.debian.org/security/2004/dsa-424 - () http://www.debian.org/security/2004/dsa-424 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2004:007 - () http://www.mandriva.com/security/advisories?name=MDKSA-2004:007 -
References () http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html - () http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html -
References () http://www.securityfocus.com/bid/8658 - Vendor Advisory () http://www.securityfocus.com/bid/8658 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/13247 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/13247 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822 -
Information

Published : 2004-01-20 05:00

Updated : 2024-11-20 23:46

NVD link : CVE-2003-1023

Mitre link : CVE-2003-1023

CVE.ORG link : CVE-2003-1023

JSON object : View

Products Affected

midnight_commander

  • midnight_commander
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024