Midnight Commander Virtual File System Symlink Buffer Overflow Vulnerability

Midnight Commander has been reported prone to a buffer overflow vulnerability, when handling symlinks in virtual file system(VFS), specifically in tar and cpio VFS procedures.

The issue presents itself, reportedly due to an un-initialized buffer being used when Midnight Commander is handling symlinks in the virtual file system code layer.

An attacker may reportedly trigger this issue, using malicious tar archives as an attack vector; to overflow the bounds of an insufficient buffer in stack based memory.


Privacy Statement
Copyright 2010, SecurityFocus