Debian: 'mc' local DoS

    Date25 Nov 2000
    CategoryDebian
    2681
    Posted ByLinuxSecurity Advisories
    cons.saver does not check if it is started with a valid stdout, potentially causing a denial of service.
    
    -----BEGIN PGP SIGNED MESSAGE-----
    
    - ------------------------------------------------------------------------
    Debian Security Advisory                             This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                         Wichert Akkerman
    November 25, 2000
    - ------------------------------------------------------------------------
    
    
    Package        : mc
    Problem type   : local DoS
    Debian-specific: no
    
    Maurycy Prodeus found a problem in cons.saver, a screensaver for
    the console that is included in the mc package. cons.saver does not
    check if it is started with a valid stdout, which combined with a
    bug in its check to see if its argument is a tty (it forgot to
    close the file-descriptor after opening the supposed tty) causes it
    to write a NUL character to the file given as its parameter.
    
    This has been fixed in version 4.5.42-11.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
    
      Source archives:
         http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.5.diff.gz
          MD5 checksum: 98428eb4284349e15b21b2cd36fbf55d
         http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.5.dsc
          MD5 checksum: f6bfd1c1c458247e49ec1f73a8da5a47
         http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42.orig.tar.gz
          MD5 checksum: 0d2e63dd4b0c0a3d4d6c5933187ba222
    
      Alpha architecture:
         http://security.debian.org/dists/stable/updates/main/binary-alpha/gmc_4.5.42-11.potato.5_alpha.deb
          MD5 checksum: 778a5121ae88e6dd5921ce65159a8f62
         http://security.debian.org/dists/stable/updates/main/binary-alpha/mc-common_4.5.42-11.potato.5_alpha.deb
          MD5 checksum: b33dab94b93fe534fb448ad6ab5c2d3d
         http://security.debian.org/dists/stable/updates/main/binary-alpha/mc_4.5.42-11.potato.5_alpha.deb
          MD5 checksum: 8fc235ecf3f4d39db8b6d264a99bcc88
    
      ARM architecture:
         http://security.debian.org/dists/stable/updates/main/binary-arm/gmc_4.5.42-11.potato.5_arm.deb
          MD5 checksum: 41de0eced28ed9962cf3cd7744e25842
         http://security.debian.org/dists/stable/updates/main/binary-arm/mc-common_4.5.42-11.potato.5_arm.deb
          MD5 checksum: b99c2bfcb69adcc103760542c18870fc
         http://security.debian.org/dists/stable/updates/main/binary-arm/mc_4.5.42-11.potato.5_arm.deb
          MD5 checksum: 93c09c57cb6cd99908999764ecc955cf
    
      Intel ia32 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-i386/gmc_4.5.42-11.potato.5_i386.deb
          MD5 checksum: 13e981aac3e5562cd10354af83a756c5
         http://security.debian.org/dists/stable/updates/main/binary-i386/mc-common_4.5.42-11.potato.5_i386.deb
          MD5 checksum: 3bd645c007bef90220f48bf3e8b451e8
         http://security.debian.org/dists/stable/updates/main/binary-i386/mc_4.5.42-11.potato.5_i386.deb
          MD5 checksum: ffb14638ea3bdcd5faa8e49e7611266b
    
      Motorola 680x0 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-m68k/gmc_4.5.42-11.potato.5_m68k.deb
          MD5 checksum: b63de3e53f49b188e5a516dac57185bf
         http://security.debian.org/dists/stable/updates/main/binary-m68k/mc-common_4.5.42-11.potato.5_m68k.deb
          MD5 checksum: 8ba419260b77557da2cfd4f867cddc73
         http://security.debian.org/dists/stable/updates/main/binary-m68k/mc_4.5.42-11.potato.5_m68k.deb
          MD5 checksum: d49246c914ad48fa0fdfdc08e5150635
    
      PowerPC architecture:
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/gmc_4.5.42-11.potato.5_powerpc.deb
          MD5 checksum: 165eb728fc75d5ee4ebadad0609a8350
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/mc-common_4.5.42-11.potato.5_powerpc.deb
          MD5 checksum: 0cee7ec7bc646a3987a7571a36446f1e
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/mc_4.5.42-11.potato.5_powerpc.deb
          MD5 checksum: 14628f3fdc3cd10eb81e5458cb5f49a5
    
      Sun Sparc architecture:
         http://security.debian.org/dists/stable/updates/main/binary-sparc/gmc_4.5.42-11.potato.5_sparc.deb
          MD5 checksum: 44893268efa32df9867088cffa2c2f4d
         http://security.debian.org/dists/stable/updates/main/binary-sparc/mc-common_4.5.42-11.potato.5_sparc.deb
          MD5 checksum: a6e92192b8b5ea7dc91f8607adddcddd
         http://security.debian.org/dists/stable/updates/main/binary-sparc/mc_4.5.42-11.potato.5_sparc.deb
          MD5 checksum: 9e18fc005fffdb0e08c44c32df8b2e50
    
      These files will be moved into
       ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    - -- 
    - ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQB1AwUBOh8ZHajZR/ntlUftAQErhAL/RhjW44ivPCrcwDvXqWonER3Kb0JSZGqp
    xg4nDLXKZCx6n1EBOuaKkUH3au4xIcW6OkwUNbIN2CIWr22RZyIFN8PlcYIaJbx1
    k8qg9jwhT7n7CaghAjEv4Y0q40kWsrRz
    =iJdl
    -----END PGP SIGNATURE-----
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.