Lucene search
HistoryApr 14, 2005 - 4:00 a.m.
CVE-2004-1175
cve
midnight commander
remote execution
insecure filename quoting
shell metacharacters
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
84.0%
fish.c in midnight commander allows remote attackers to execute arbitrary programs via “insecure filename quoting,” possibly using shell metacharacters.
Affected configurations
Node
midnight_commandermidnight_commanderMatch4.5.40
ORmidnight_commandermidnight_commanderMatch4.5.41
ORmidnight_commandermidnight_commanderMatch4.5.42
ORmidnight_commandermidnight_commanderMatch4.5.43
ORmidnight_commandermidnight_commanderMatch4.5.44
ORmidnight_commandermidnight_commanderMatch4.5.45
ORmidnight_commandermidnight_commanderMatch4.5.46
ORmidnight_commandermidnight_commanderMatch4.5.47
ORmidnight_commandermidnight_commanderMatch4.5.48
ORmidnight_commandermidnight_commanderMatch4.5.49
ORmidnight_commandermidnight_commanderMatch4.5.50
ORmidnight_commandermidnight_commanderMatch4.5.51
ORmidnight_commandermidnight_commanderMatch4.5.52
ORmidnight_commandermidnight_commanderMatch4.5.54
ORmidnight_commandermidnight_commanderMatch4.5.55
ORmidnight_commandermidnight_commanderMatch4.6
Node
debiandebian_linuxMatch3.0
ORdebiandebian_linuxMatch3.0alpha
ORdebiandebian_linuxMatch3.0arm
ORdebiandebian_linuxMatch3.0hppa
ORdebiandebian_linuxMatch3.0ia-32
ORdebiandebian_linuxMatch3.0ia-64
ORdebiandebian_linuxMatch3.0m68k
ORdebiandebian_linuxMatch3.0mips
ORdebiandebian_linuxMatch3.0mipsel
ORdebiandebian_linuxMatch3.0ppc
ORdebiandebian_linuxMatch3.0s-390
ORdebiandebian_linuxMatch3.0sparc
ORgentoolinux
ORredhatenterprise_linuxMatch2.1advanced_server
ORredhatenterprise_linuxMatch2.1advanced_server_ia64
ORredhatenterprise_linuxMatch2.1workstation
ORredhatenterprise_linuxMatch2.1workstation_ia64
ORredhatlinux_advanced_workstationMatch2.1ia64
ORredhatlinux_advanced_workstationMatch2.1itanium_processor
ORsusesuse_linuxMatch8.0
ORsusesuse_linuxMatch8.0i386
ORsusesuse_linuxMatch8.1
ORsusesuse_linuxMatch8.2
ORsusesuse_linuxMatch9.0
ORsusesuse_linuxMatch9.0x86_64
ORsusesuse_linuxMatch9.1
ORsusesuse_linuxMatch9.2
ORturbolinuxturbolinux_serverMatch7.0
ORturbolinuxturbolinux_serverMatch8.0
ORturbolinuxturbolinux_workstationMatch7.0
ORturbolinuxturbolinux_workstationMatch8.0
Related
ubuntucve
ubuntucve
CVE-2004-1175
2005-04-14 00:00:00
debiancve
debiancve
CVE-2004-1175
2005-04-14 04:00:00
nvd
nvd
CVE-2004-1175
2005-04-14 04:00:00
cvelist
cvelist
CVE-2004-1175
2005-01-22 05:00:00
centos
centos
gmc, mc, mcserv security update
2005-06-16 23:23:14
redhat
redhat
(RHSA-2005:512) mc security update
2005-06-16 00:00:00
nessus
nessus
RHEL 2.1 : mc (RHSA-2005:512)
2005-06-17 00:00:00
Debian DSA-639-1 : mc - several vulnerabilities
2005-01-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 639-1 (mc)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-639-1)
2008-01-17 00:00:00
osv
osv
mc - several
2005-01-14 00:00:00
debian
debian
[SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities
2005-01-14 10:20:28
[SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities
2005-01-14 10:20:28
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
84.0%
Related for CVE-2004-1175