
Test ID: 1.3.6.1.4.1.25623.1.0.50310
Category: Fedora Local Security Checks
Title: Fedora Core 1 FEDORA-2004-112 (mc)
Summary: NOSUMMARY
Description:

The remote host is missing an update to mc
announced via advisory FEDORA-2004-112.

Midnight Commander is a visual shell much like a file manager, only
with many more features. It is a text mode application, but it also
includes mouse support if you are running GPM. Midnight Commander's
best features are its ability to FTP, view tar and zip files, and to
poke into RPMs for specific files.

Update Information:

Several buffer overflows, several temporary file creation
vulnerabilities, and one format string vulnerability have been
discovered in Midnight Commander. These vulnerabilities were
discovered mostly by Andrew V. Samoilov and Pavel Roskin. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CVE-2004-0226, CVE-2004-0231, and CVE-2004-0232 to these
issues.

* Fri Apr 16 2004 Jakub Jelinek 4.6.0-14.10

- don't use mmap if st_size doesn't fit into size_t
- fix one missed match_normal -> match_regex
- rebuilt for FC1 updates

* Fri Apr 16 2004 Jakub Jelinek 4.6.0-14

- avoid buffer overflows in mcedit Replace function

* Wed Apr 14 2004 Jakub Jelinek 4.6.0-13

- perl scripting fix

* Wed Apr 14 2004 Jakub Jelinek 4.6.0-12

- fix a bug in complete.c introduced by last patch
- export MC_TMPDIR env variable
- avoid integer overflows in free diskspace % counting
- put temporary files into $MC_TMPDIR tree if possible,
use mktemp/mkdtemp

* Mon Apr 05 2004 Jakub Jelinek 4.6.0-11

- fix a bunch of buffer overflows and memory leaks (CVE-2004-0226)
- fix hardlink handling in cpio filesystem
- fix handling of filenames with single/double quotes and backslashes
in /usr/share/mc/extfs/rpm
- update php.syntax file (#112645)
- fix crash with large syntax file (#112644)
- update CVE-2003-1023 fix to still make vfs symlinks relative,
but with bounds checking

Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-112.shtml

Risk factor : Critical

CVSS Score: 10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0226
Debian Security Information: DSA-497
http://www.debian.org/security/2004/dsa-497
http://security.gentoo.org/glsa/glsa-200405-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:039
http://www.redhat.com/support/errata/RHSA-2004-172.html
SuSE Security Announcement: SuSE-SA:2004:012
http://www.novell.com/linux/security/advisories/2004_12_mc.html
XForce ISS Database: midnight-commander-local-privileges(16016)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16016
Common Vulnerability Exposure (CVE) ID: CVE-2004-0231
XForce ISS Database: midnight-commander-insecure-files(16020)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16020
Common Vulnerability Exposure (CVE) ID: CVE-2004-0232
XForce ISS Database: midnight-commander-format-string(16021)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16021
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
