SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Midnight Commander
Vendors:   GNU Midnight Commander Project
Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1009981
SecurityTracker URL:  http://securitytracker.com/id/1009981
CVE Reference:   CVE-2004-0226, CVE-2004-0231, CVE-2004-0232
Updated:  May 14 2004
Original Entry Date:  Apr 30 2004
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in Midnight Commander. A local user may be able to obtain elevated privileges.

Debian and Mandrake reported multiple vulnerabilities in Midnight Commander. The flaws include several buffer overflows [CVE: CVE-2004-0226], a format string vulnerability [CVE: CVE-2004-0232], and a temporary file and directory creation vulnerability [CVE: CVE-2004-0231].

Jakub Jelinek is credited with discovering the flaws.

Impact:   A local user may be able to gain the privileges of the user running mc.
Solution:   The report indicates that these flaws have been fixed in the upstream version.

[Editor's note: From minor code review, it appears that at least some of these flaws may have been corrected as many as two years ago in the upstream version.]

Vendor URL:  www.ibiblio.org/mc/
Cause:   Access control error, Boundary error, Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 30 2004 (Mandrake Issues Fix) Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges
Mandrake has released a fix.
Apr 30 2004 (Debian Issues Fix) Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges
Debian has released a fix.
Apr 30 2004 (Red Hat Issues Fix for RH Linux) Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges
Red Hat has released a fix for Red Hat Linux 9.
May 4 2004 (Red Hat Issues Fix for Fedora) Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges
Red Hat has released a fix for Fedora.
May 14 2004 (SuSE Issues Fix) Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges
SuSE has released a fix.
May 17 2004 (Slackware Issues Fix) Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges
Slackware has released a fix.
May 20 2004 (Red Hat Issues Fix for RH Enterprise Linux) Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges
Red Hat has released a fix for Red Hat Enterprise Linux 2.1.
May 26 2004 (Gentoo Issues Fix) Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges
Gentoo has released a fix.



 Source Message Contents

Subject:  Midnight Commander vulnerabilities


Mandrake reported multiple vulnerabilities in Midnight Commander.

The flaws include several buffer overflows (CAN-2004-0226), a format string vulnerability 
(CAN-2004-0232), and a temporary file and directory creation vulnerability (CAN-2004-0231).

Jakub Jelinek is credited with discovering the flaws.


 
 



Copyright 2021, SecurityGlobal.net LLC