Lucene search
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2005-217.NASLHistoryMar 04, 2005 - 12:00 a.m.
RHEL 2.1 : mc (RHSA-2005:217)
2005-03-0400:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
Updated mc packages that fix multiple security issues are now available.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Midnight Commander (mc) is a visual shell, much like a file manager.
Several format string bugs were found in Midnight Commander. If a user is tricked by an attacker into opening a specially crafted path with mc, it may be possible to execute arbitrary code as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1004 to this issue.
Several buffer overflow bugs were found in Midnight Commander. If a user is tricked by an attacker into opening a specially crafted file or path with mc, it may be possible to execute arbitrary code as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1005 to this issue.
A buffer underflow bug was found in Midnight Commander. If a malicious local user is able to modify the extfs.ini file, it could be possible to execute arbitrary code as a user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1176 to this issue.
Users of mc should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:217. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(17267);
script_version("1.28");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2004-1004", "CVE-2004-1005", "CVE-2004-1176");
script_xref(name:"RHSA", value:"2005:217");
script_name(english:"RHEL 2.1 : mc (RHSA-2005:217)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated mc packages that fix multiple security issues are now
available.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Midnight Commander (mc) is a visual shell, much like a file manager.
Several format string bugs were found in Midnight Commander. If a user
is tricked by an attacker into opening a specially crafted path with
mc, it may be possible to execute arbitrary code as the user running
Midnight Commander. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-1004 to this issue.
Several buffer overflow bugs were found in Midnight Commander. If a
user is tricked by an attacker into opening a specially crafted file
or path with mc, it may be possible to execute arbitrary code as the
user running Midnight Commander. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-1005
to this issue.
A buffer underflow bug was found in Midnight Commander. If a malicious
local user is able to modify the extfs.ini file, it could be possible
to execute arbitrary code as a user running Midnight Commander. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-1176 to this issue.
Users of mc should upgrade to these updated packages, which contain a
backported patch, and are not vulnerable to this issue."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2004-1004"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2004-1005"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2004-1176"
);
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295261
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295261"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2005:217"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected gmc, mc and / or mcserv packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gmc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mcserv");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/14");
script_set_attribute(attribute:"patch_publication_date", value:"2005/03/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/04");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2005:217";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"gmc-4.5.51-36.6")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mc-4.5.51-36.6")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mcserv-4.5.51-36.6")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gmc / mc / mcserv");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | gmc | p-cpe:/a:redhat:enterprise_linux:gmc |
| redhat | enterprise_linux | mc | p-cpe:/a:redhat:enterprise_linux:mc |
| redhat | enterprise_linux | mcserv | p-cpe:/a:redhat:enterprise_linux:mcserv |
| redhat | enterprise_linux | 2.1 | cpe:/o:redhat:enterprise_linux:2.1 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1176
access.redhat.com/errata/RHSA-2005:217
access.redhat.com/security/cve/cve-2004-1004
access.redhat.com/security/cve/cve-2004-1005
access.redhat.com/security/cve/cve-2004-1176
bugs.debian.org/cgi-bin/bugreport.cgi?bug=295261
Related
redhat
redhat
(RHSA-2005:217) mc security update
2005-03-04 00:00:00
nessus
nessus
SuSE9 Security Update : Midnight Commander (YOU Patch Number 9797)
2009-09-24 00:00:00
GLSA-200502-24 : Midnight Commander: Multiple vulnerabilities
2005-02-18 00:00:00
Debian DSA-639-1 : mc - several vulnerabilities
2005-01-14 00:00:00
openvas
openvas
SLES9: Security update for Midnight Commander
2009-10-10 00:00:00
SLES9: Security update for Midnight Commander
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200502-24 (mc)
2008-09-24 00:00:00
gentoo
gentoo
Midnight Commander: Multiple vulnerabilities
2005-02-17 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
cve
cve
debian
debian
[SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities
2005-01-14 10:20:28
[SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities
2005-01-14 10:20:28
osv
osv
mc - several
2005-01-14 00:00:00
freebsd
freebsd
mc -- multiple vulnerabilities
2004-12-01 00:00:00
Related for REDHAT-RHSA-2005-217.NASL