Midnight Commander Unspecified Format String

2004-04-30T00:00:00
ID OSVDB:5720
Type osvdb
Reporter Jacub Jelinek()
Modified 2004-04-30T00:00:00

Description

Vulnerability Description

GNU Midnight Commander contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the program fails to validate input of non-descript format strings. No further details have been provided. This flaw may lead to a loss of integrity and/or availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, linux vendors Debian, Gentoo, Mandrake, Red Hat, Slackware and SuSE have released patches to address this vulnerability.

Short Description

GNU Midnight Commander contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the program fails to validate input of non-descript format strings. No further details have been provided. This flaw may lead to a loss of integrity and/or availability.

References:

Vendor URL: http://www.ibiblio.org/mc/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11502 Secunia Advisory ID:11720 Secunia Advisory ID:11668 Related OSVDB ID: 5721 Related OSVDB ID: 5722 ISS X-Force ID: 16021 CVE-2004-0232 Bugtraq ID: 10242