Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51808
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2005:217
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2005:217.

Midnight Commander (mc) is a visual shell, much like a file manager.

Several format string bugs were found in Midnight Commander. If a user is
tricked by an attacker into opening a specially crafted path with mc, it
may be possible to execute arbitrary code as the user running Midnight
Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2004-1004 to this issue.

Several buffer overflow bugs were found in Midnight Commander. If a user is
tricked by an attacker into opening a specially crafted file or path
with mc, it may be possible to execute arbitrary code as the user running
Midnight Commander. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-1005 to this issue.

A buffer underflow bug was found in Midnight Commander. If a malicious
local user is able to modify the extfs.ini file, it could be possible to
execute arbitrary code as a user running Midnight Commander. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-1176 to this issue.

Users of mc should upgrade to these updated packages, which contain a
backported patch, and are not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-217.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295261

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-1004
Debian Security Information: DSA-639 (Google Search)
http://www.debian.org/security/2005/dsa-639
http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml
http://www.redhat.com/support/errata/RHSA-2005-217.html
http://secunia.com/advisories/13863/
XForce ISS Database: midnightcommander-format-string(18902)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18902
Common Vulnerability Exposure (CVE) ID: CVE-2004-1005
XForce ISS Database: midnight-commander-bo(18898)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18898
Common Vulnerability Exposure (CVE) ID: CVE-2004-1176
http://securitytracker.com/id?1012903
http://secunia.com/advisories/13863
XForce ISS Database: midnight-commander-extfs-dos(18911)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18911
Common Vulnerability Exposure (CVE) ID: CVE-2005-1176
AIX APAR: IY70032
http://www-1.ibm.com/support/search.wss?rs=0&q=IY70032&apar=only
AIX APAR: IY70034
http://www-1.ibm.com/support/search.wss?rs=0&q=IY70034&apar=only
XForce ISS Database: aix-jfs2-race-condition(20604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20604
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.