COMMAND

    mc

SYSTEMS AFFECTED

    Well, whoever runs mc

PROBLEM

    m4rcyS found the following. Run mc. Press F9, select Right/Left,
    select Tree. All is OK so far, but do the same sequence once more
    and ... voila, a nice seg fault. Gdb says that there is an overflow
    in strcpy().

        $ mc -V
        The Midnight Commander 4.5.31
        with mouse support on xterm and the Linux console.
        Edition: text mode.
        Virtual File System: tarfs, extfs, ftpfs, mcfs.
        With builtin Editor
        Using S-lang library with terminfo database
        With subshell support: as default
        With support for background operations
        
        $ uname -a
        Linux pentium.localdomain 2.2.10 #1 Wed Jul 28 14:27:02 CEST 1999 i586
        unknown
        
        $ cat /etc/redhat-release
        Red Hat Linux release 6.0 (Hedwig)

    MC 4.5.36 is vulnerable too! (RH 6.0 Hedwig, kernel 2.2.5-15).
    Here are the bad lines:

    FILE: src/treestore.c
    LINE: 254,32
    ----------------------------------------------------------
         tree_store_add_entry (name);
         strcpy (oldname, name);
    ----------------------------------------------------------
    
    FILE: src/treestore.c
    LINE: 266,56
    ----------------------------------------------------------
          if (different){
           strcpy (oldname + common, different);
    ----------------------------------------------------------
    
    FILE: src/treestore.c
    LINE: 278,40
    ----------------------------------------------------------
         }
         strcpy (oldname, name);
    ----------------------------------------------------------
    
    FILE: src/treestore.c
    LINE: 340,8
    ----------------------------------------------------------
    
     fprintf (file, "%s\n", TREE_SIGNATURE);
    ----------------------------------------------------------

SOLUTION

    It's not dangerous as there are no suid bits involved.
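
    The strcpy() calls listed above copy into oldname with no length
    check. A bounded form of both copy patterns follows, as an added
    example that is not Midnight Commander's code; OLDNAME_MAX and the
    helper names are assumptions, since the page does not show how
    oldname is declared.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the page does not show how oldname is declared. */
#define OLDNAME_MAX 64

/* Bounded form of strcpy (oldname, name).
 * Returns 0 on success, -1 if name does not fit (dst is left unchanged). */
static int set_oldname(char *dst, size_t dstsz, const char *name)
{
    size_t len = strlen(name);
    if (len >= dstsz)
        return -1;
    memcpy(dst, name, len + 1);          /* len + 1 copies the NUL too */
    return 0;
}

/* Bounded form of strcpy (oldname + common, different): keep the first
 * `common` bytes of dst and replace the rest with `different`.
 * Returns 0 on success, -1 if the offset or the result is out of bounds. */
static int set_oldname_suffix(char *dst, size_t dstsz, size_t common,
                              const char *different)
{
    const char *nul = memchr(dst, '\0', dstsz);
    size_t len = strlen(different);
    if (nul == NULL || common > (size_t)(nul - dst))
        return -1;                       /* offset is past the current string */
    if (len >= dstsz - common)
        return -1;                       /* suffix plus NUL would not fit */
    memcpy(dst + common, different, len + 1);
    return 0;
}

int main(void)
{
    char oldname[OLDNAME_MAX] = "";
    char longname[4 * OLDNAME_MAX];      /* constructed over-long path */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("%d\n", set_oldname(oldname, sizeof oldname, "/usr/lib"));
    printf("%d %s\n", set_oldname_suffix(oldname, sizeof oldname, 5, "local"), oldname);
    printf("%d %s\n", set_oldname(oldname, sizeof oldname, longname), oldname);
    return 0;
}
```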