Midnight Commander Multiple Unspecified Vulnerabilities
Info
| Bugtraq ID: | 12263 |
| Class: | Unknown |
| CVE: | CVE-2004-1004, CVE-2004-1005, CVE-2004-1009, CVE-2004-1090, CVE-2004-1091, CVE-2004-1092, CVE-2004-1093, CVE-2004-1174, CVE-2004-1175, CVE-2004-1176 |
| Remote: | No |
| Local: | No |
| Published: | Jan 14 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery is credited to Andrew V. Samoilov. |
| Vulnerable: | Turbolinux Turbolinux Workstation 8.0; Turbolinux Turbolinux Workstation 7.0; Turbolinux Turbolinux Server 8.0; Turbolinux Turbolinux Server 7.0; SuSE Linux 8.1; SuSE Linux 8.0 i386; SuSE Linux 8.0; S.u.S.E. Linux Personal 9.2; S.u.S.E. Linux Personal 9.1; S.u.S.E. Linux Personal 9.0 x86_64; S.u.S.E. Linux Personal 9.0; S.u.S.E. Linux Personal 8.2; Redhat Enterprise Linux WS 2.1 IA64; Redhat Enterprise Linux WS 2.1; Redhat Enterprise Linux ES 2.1 IA64; Redhat Enterprise Linux ES 2.1; Redhat Enterprise Linux AS 2.1 IA64; Redhat Enterprise Linux AS 2.1; Redhat Advanced Workstation for the Itanium Processor 2.1 IA64; Redhat Advanced Workstation for the Itanium Processor 2.1; Midnight Commander Midnight Commander 4.6; Midnight Commander Midnight Commander 4.5.55; Midnight Commander Midnight Commander 4.5.54; Midnight Commander Midnight Commander 4.5.52; Midnight Commander Midnight Commander 4.5.51; Midnight Commander Midnight Commander 4.5.50; Midnight Commander Midnight Commander 4.5.49; Midnight Commander Midnight Commander 4.5.48; Midnight Commander Midnight Commander 4.5.47; Midnight Commander Midnight Commander 4.5.46; Midnight Commander Midnight Commander 4.5.45; Midnight Commander Midnight Commander 4.5.44; Midnight Commander Midnight Commander 4.5.43; Midnight Commander Midnight Commander 4.5.42; Midnight Commander Midnight Commander 4.5.41; Midnight Commander Midnight Commander 4.5.40; Gentoo Linux; Debian Linux 3.0 sparc; Debian Linux 3.0 s/390; Debian Linux 3.0 ppc; Debian Linux 3.0 mipsel; Debian Linux 3.0 mips; Debian Linux 3.0 m68k; Debian Linux 3.0 ia-64; Debian Linux 3.0 ia-32; Debian Linux 3.0 hppa; Debian Linux 3.0 arm; Debian Linux 3.0 alpha; Debian Linux 3.0 |
| Not Vulnerable: | |
Discussion
It has been reported that Midnight Commander is prone to multiple, unspecified vulnerabilities. These issues are due to various design and boundary condition errors.
These issues could be leveraged by an attacker to execute arbitrary code on an affected system, which may facilitate unauthorized access. It is also possible for an attacker to carry out symbolic link attacks against an affected system, potentially facilitating a system-wide denial of service.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Red Hat has released advisory RHSA-2005:512-08 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
Turbolinux has released a security announcement (TLSA- 24022005) and fixes to address these vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.
Gentoo has released an advisory (GLSA 200502-24) and an updated eBuild to address these issues. This update can be installed by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=app-misc/mc-4.6.0-r13"
Debian has released advisory DSA 639-1 dealing with these issues. Please see the referenced advisory for more information.
SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.
RedHat Linux has released advisory RHSA-2005:217-10 to address these issues for RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.
Debian Linux 3.0 s/390
- Debian gmc_4.5.55-1.2woody5_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_s390.deb
- Debian mc-common_4.5.55-1.2woody5_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_s390.deb
- Debian mc_4.5.55-1.2woody5_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_s390.deb
Debian Linux 3.0 alpha
- Debian gmc_4.5.55-1.2woody5_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_alpha.deb
- Debian mc-common_4.5.55-1.2woody5_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_alpha.deb
- Debian mc_4.5.55-1.2woody5_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_alpha.deb
Debian Linux 3.0 mips
- Debian gmc_4.5.55-1.2woody5_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_mips.deb
- Debian mc-common_4.5.55-1.2woody5_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_mips.deb
- Debian mc_4.5.55-1.2woody5_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_mips.deb
Debian Linux 3.0 mipsel
- Debian gmc_4.5.55-1.2woody5_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_mipsel.deb
- Debian mc-common_4.5.55-1.2woody5_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_mipsel.deb
- Debian mc_4.5.55-1.2woody5_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_mipsel.deb
Debian Linux 3.0 m68k
- Debian gmc_4.5.55-1.2woody5_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_m68k.deb
- Debian mc-common_4.5.55-1.2woody5_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_m68k.deb
- Debian mc_4.5.55-1.2woody5_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_m68k.deb
Debian Linux 3.0 hppa
- Debian gmc_4.5.55-1.2woody5_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_hppa.deb
- Debian mc-common_4.5.55-1.2woody5_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_hppa.deb
- Debian mc_4.5.55-1.2woody5_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_hppa.deb
Debian Linux 3.0 arm
- Debian gmc_4.5.55-1.2woody5_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_arm.deb
- Debian mc-common_4.5.55-1.2woody5_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_arm.deb
- Debian mc_4.5.55-1.2woody5_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_arm.deb
Debian Linux 3.0 sparc
- Debian gmc_4.5.55-1.2woody5_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_sparc.deb
- Debian mc-common_4.5.55-1.2woody5_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_sparc.deb
- Debian mc_4.5.55-1.2woody5_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_sparc.deb
Debian Linux 3.0 ia-64
- Debian gmc_4.5.55-1.2woody5_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_ia64.deb
- Debian mc-common_4.5.55-1.2woody5_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_ia64.deb
- Debian mc_4.5.55-1.2woody5_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ia64.deb
Debian Linux 3.0 ppc
- Debian gmc_4.5.55-1.2woody5_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_powerpc.deb
- Debian mc-common_4.5.55-1.2woody5_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_powerpc.deb
- Debian mc_4.5.55-1.2woody5_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_powerpc.deb
Debian Linux 3.0 ia-32
- Debian gmc_4.5.55-1.2woody5_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_i386.deb
- Debian mc-common_4.5.55-1.2woody5_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_i386.deb
- Debian mc_4.5.55-1.2woody5_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_i386.deb
Midnight Commander Midnight Commander 4.5.54
- TurboLinux mc-4.5.54-7.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mc-4.5.54-7.i586.rpm
- TurboLinux mc-4.5.54-7.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mc-4.5.54-7.i586.rpm
- TurboLinux mc-4.5.54-7.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mc-4.5.54-7.i586.rpm
- TurboLinux mc-4.5.54-7.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mc-4.5.54-7.i586.rpm
Midnight Commander Midnight Commander 4.5.55
- SuSE mc-4.5.55-762.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mc-4.5.55-762.i586.rpm
Midnight Commander Midnight Commander 4.6
- SuSE mc-4.6.0-324.10.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mc-4.6.0-324.10.i586.rpm
- SuSE mc-4.6.0-324.10.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mc-4.6.0-324.10.x86_64.rpm
- SuSE mc-4.6.0-332.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mc-4.6.0-332.2.i586.rpm
- SuSE mc-4.6.0-332.2.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/mc-4.6.0-332.2.x86_64.rpm
- SuSE mc-4.6.0-336.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mc-4.6.0-336.i586.rpm
- SuSE mc-4.6.0-336.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mc-4.6.0-336.x86_64.rpm
References
References:
- Midnight Commander Homepage (Midnight Commander)
- RHSA-2005:217-10 - mc security update (RedHat)
- RHSA-2005:512-08 - mc security update (RedHat)