GoogleOSV:DSA-639-1mc - several
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.088 Low
EPSS
Percentile
93.7%
Andrew V. Samoilov has noticed that several bugfixes which were
applied to the source by upstream developers of mc, the midnight
commander, a file browser and manager, were not backported to the
current version of mc that Debian ships in their stable release. The
Common Vulnerabilities and Exposures Project identifies the following
vulnerabilities:
-
CAN-2004-1004
Multiple format string vulnerabilities -
CAN-2004-1005
Multiple buffer overflows -
CAN-2004-1009
One infinite loop vulnerability -
CAN-2004-1090
Denial of service via corrupted section header -
CAN-2004-1091
Denial of service via null dereference -
CAN-2004-1092
Freeing unallocated memory -
CAN-2004-1093
Denial of service via use of already freed memory -
CAN-2004-1174
Denial of service via manipulating non-existing file handles -
CAN-2004-1175
Unintended program execution via insecure filename quoting -
CAN-2004-1176
Denial of service via a buffer underflow
For the stable distribution (woody) these problems have been fixed in
version 4.5.55-1.2woody5.
For the unstable distribution (sid) these problems should already be
fixed since they were backported from current versions.
We recommend that you upgrade your mc package.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mc | eq | 4.5.55-1.2woody3 |
References
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.088 Low
EPSS
Percentile
93.7%