=?iso-8859-1?Q?RE:_[Linux]_glibc_2.1.x_/_wu-?= =?iso-8859-1?Q?ftpd_<=3d2.5_/_BeroFTPD_/_lynx_/_vlo?= =?iso-8859-1?Q?ck=0d=0a______________?= =?iso-8859-1?Q?/_mc_/_glibc_2.0.x?=

Tom Bosscher (Tom.BosscherVICKERS-SYSTEMS.COM)
Thu, 9 Sep 1999 10:40:57 -0400

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Brock Tellier: "19 SCO 5.0.5+Skunware98 buffer overflows"
• Previous message: Lisa Napier: "Re: Cisco and Nmap Dos"

unsubscribe

-----Original Message-----
From: BUGTRAQ(a)SECURITYFOCUS.COM [mailto:BUGTRAQ(a)SECURITYFOCUS.COM]
Sent: Sunday, September 05, 1999 2:48 PM
To: BUGTRAQ(a)SECURITYFOCUS.COM
Subject: Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx /
vlock / mc / glibc 2.0.x

On Mon, 30 Aug 1999, Norbert Warmuth wrote:
> Michal Zalewski writes:
> > Also, mc seems to have serious problems with directories containing
shell
> > commands enclosed in $(...) construction. Bad.
> What are you talking about? Please send details to
mc-bugsnuclecu.unam.mx.

I haven't got any response from Michal and hasn't been able to
reproduce any problems with directories containing "$(...)" either.

Wojtek Pilorz reminded of the bash 1.14 vulnerability when PS1 contains
\w or \W. As MC doesn't touch PS1 blaming MC for this is more than
far-fetched.

Pavel Machek got the message 'Warning: Couldn't change to /tmp/$( ...
)'
because he triggered a MC bug which was fixed in March 1999 (release
4.5.27).

Last not least there was an issue with uncompressing files which was
fixed in 4.5.38.

The Midnight Commander bug's mentioned above are fixed in the latest
release which doesn't contain known security vulnerabilities. You can
get it from
     ftp://ftp.gnome.org/pub/GNOME/sources/mc

Please report bugs to mc-bugsnuclecu.unam.mx, thanks.

Kind regards,
Norbert

• Next message: Brock Tellier: "19 SCO 5.0.5+Skunware98 buffer overflows"
• Previous message: Lisa Napier: "Re: Cisco and Nmap Dos"

This archive was generated by hypermail 2.0b3 on Fri Sep 10 1999 - 23:21:56 CDT