Test ID: | 1.3.6.1.4.1.25623.1.0.51808 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2005:217 |
Summary: | NOSUMMARY |
Description: |
The remote host is missing updates announced in advisory RHSA-2005:217.

Midnight Commander (mc) is a visual shell, much like a file manager.

Several format string bugs were found in Midnight Commander. If a user is tricked by an attacker into opening a specially crafted path with mc, it may be possible to execute arbitrary code as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1004 to this issue.

Several buffer overflow bugs were found in Midnight Commander. If a user is tricked by an attacker into opening a specially crafted file or path with mc, it may be possible to execute arbitrary code as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1005 to this issue.

A buffer underflow bug was found in Midnight Commander. If a malicious local user is able to modify the extfs.ini file, it could be possible to execute arbitrary code as a user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1176 to this issue.

Users of mc should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

http://rhn.redhat.com/errata/RHSA-2005-217.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295261

Risk factor : High
CVSS Score: 7.5 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-1004
Debian Security Information: DSA-639
http://www.debian.org/security/2005/dsa-639
http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml
http://www.redhat.com/support/errata/RHSA-2005-217.html
http://secunia.com/advisories/13863/
XForce ISS Database: midnightcommander-format-string(18902)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18902

Common Vulnerability Exposure (CVE) ID: CVE-2004-1005
XForce ISS Database: midnight-commander-bo(18898)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18898

Common Vulnerability Exposure (CVE) ID: CVE-2004-1176
http://securitytracker.com/id?1012903
http://secunia.com/advisories/13863
XForce ISS Database: midnight-commander-extfs-dos(18911)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18911

Common Vulnerability Exposure (CVE) ID: CVE-2005-1176
AIX APAR: IY70032
http://www-1.ibm.com/support/search.wss?rs=0&q=IY70032&apar=only
AIX APAR: IY70034
http://www-1.ibm.com/support/search.wss?rs=0&q=IY70034&apar=only
XForce ISS Database: aix-jfs2-race-condition(20604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20604 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |