Midnight Commander Directory Viewing Command Execution Vulnerability
BID:2016
Info
Midnight Commander Directory Viewing Command Execution Vulnerability
| Bugtraq ID: | 2016 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 28 2000 12:00AM |
| Updated: | Nov 28 2000 12:00AM |
| Credit: | First posted to Bugtraq by Michal Zalewski <[email protected]> on November 28, 2000. |
| Vulnerable: |
Midnight Commander Midnight Commander 4.5.51 Midnight Commander Midnight Commander 4.5.50 Midnight Commander Midnight Commander 4.5.49 Midnight Commander Midnight Commander 4.5.48 Midnight Commander Midnight Commander 4.5.47 Midnight Commander Midnight Commander 4.5.46 Midnight Commander Midnight Commander 4.5.45 Midnight Commander Midnight Commander 4.5.44 Midnight Commander Midnight Commander 4.5.43 Midnight Commander Midnight Commander 4.5.42 Midnight Commander Midnight Commander 4.5.41 Midnight Commander Midnight Commander 4.5.40 |
| Not Vulnerable: | |
Discussion
Midnight Commander Directory Viewing Command Execution Vulnerability
Midnight Commander is a popular file management tool for unix systems. Among many other features, Midnight Commander allows users to traverse their filesystem using a menu-style console interface. There exists a vulnerability in the way Midnight Commander handles directories that may allow for arbitrary commands to be executed when maliciously created directories are opened.
Attackers can embed commands into directory names after certain byte values (0x03 and 0x14) that will be executed when a user running Midnight Commander opens them. Because Midnight Commander doesn't list entire directory names in the filesystem window if they are long, this sequence of characters (nonprintable) and the commands can be hidden from the user if enough printable/normal looking characters preceed them.
This vulnerability requires direct user interaction (user must open the malicious directory with Midnight commander) to be exploited.
If exploited, this vulnerability can result in an elevation of privileges for the attacker.
Midnight Commander is a popular file management tool for unix systems. Among many other features, Midnight Commander allows users to traverse their filesystem using a menu-style console interface. There exists a vulnerability in the way Midnight Commander handles directories that may allow for arbitrary commands to be executed when maliciously created directories are opened.
Attackers can embed commands into directory names after certain byte values (0x03 and 0x14) that will be executed when a user running Midnight Commander opens them. Because Midnight Commander doesn't list entire directory names in the filesystem window if they are long, this sequence of characters (nonprintable) and the commands can be hidden from the user if enough printable/normal looking characters preceed them.
This vulnerability requires direct user interaction (user must open the malicious directory with Midnight commander) to be exploited.
If exploited, this vulnerability can result in an elevation of privileges for the attacker.
Exploit / POC
Midnight Commander Directory Viewing Command Execution Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Midnight Commander Directory Viewing Command Execution Vulnerability
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].