Michal Zalewski writes: > ------------------ > mc, ftp:// and $() > ------------------ > > Compromise: remote/local user's privledges > > Midnight Commander ftp client has an overflow while reading server > responses - long enough message will result in beautiful overflow. Enjoy. An off-by-one error, hardly to exploit especially since the value written is always '\0'. > Also, mc seems to have serious problems with directories containing shell > commands enclosed in $(...) construction. Bad. What are you talking about? Please send details to mc-bugsat_private If you refer to uncompressing gzip'd files this bug was fixed on 18.08.99 (release 4.5.38). Regards, Norbert
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:00:55 PDT