Test ID:	1.3.6.1.4.1.25623.1.0.53057
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2005:512
Summary:	Redhat Security Advisory RHSA-2005:512
Description:	The remote host is missing updates announced in advisory RHSA-2005:512. Midnight Commander is a visual shell much like a file manager. Several denial of service bugs were found in Midnight Commander. These bugs could cause Midnight Commander to hang or crash if a victim opens a carefully crafted file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1009, CVE-2004-1090, CVE-2004-1091, CVE-2004-1093 and CVE-2004-1174 to these issues. A filename quoting bug was found in Midnight Commander's FISH protocol handler. If a victim connects via embedded SSH support to a host containing a carefully crafted filename, arbitrary code may be executed as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1175 to this issue. A buffer overflow bug was found in the way Midnight Commander handles directory completion. If a victim uses completion on a maliciously crafted directory path, it is possible for arbitrary code to be executed as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0763 to this issue. Users of mc are advised to upgrade to these packages, which contain backported security patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-512.html Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1009 Debian Security Information: DSA-639 (Google Search) http://www.debian.org/security/2005/dsa-639 http://www.redhat.com/support/errata/RHSA-2005-512.html XForce ISS Database: midnight-commander-dos(18903) http://xforce.iss.net/xforce/xfdb/18903 http://secunia.com/advisories/13863/ Common Vulnerability Exposure (CVE) ID: CVE-2004-1090 XForce ISS Database: midnight-commander-section-dos(18907) http://xforce.iss.net/xforce/xfdb/18907 Common Vulnerability Exposure (CVE) ID: CVE-2004-1091 http://secunia.com/advisories/13863 XForce ISS Database: midnight-commander-find-dos(18908) http://xforce.iss.net/xforce/xfdb/18908 Common Vulnerability Exposure (CVE) ID: CVE-2004-1093 XForce ISS Database: midnight-commander-key-dos(18905) http://xforce.iss.net/xforce/xfdb/18905 Common Vulnerability Exposure (CVE) ID: CVE-2004-1174 http://securitytracker.com/id?1012903 XForce ISS Database: midnight-commander-direntry-dos(18909) http://xforce.iss.net/xforce/xfdb/18909 Common Vulnerability Exposure (CVE) ID: CVE-2004-1175 XForce ISS Database: midnight-commander-command-execution(18906) http://xforce.iss.net/xforce/xfdb/18906 Common Vulnerability Exposure (CVE) ID: CVE-2005-0763 Debian Security Information: DSA-698 (Google Search) http://www.debian.org/security/2005/dsa-698
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: