Midnight Commander Insecure Temporary File Creation

2004-04-30T00:00:00
ID OSVDB:5721
Type osvdb
Reporter Jacub Jelinek()
Modified 2004-04-30T00:00:00

Description

Vulnerability Description

GNU Midnight Commander contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to insecure temporary file and directory creations. This flaw may lead to a loss of integrity. No further details are available.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, linux vendors Debian, Gentoo, Mandrake, SuSE and Red Hat have released patches to address this vulnerability.

Short Description

GNU Midnight Commander contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to insecure temporary file and directory creations. This flaw may lead to a loss of integrity. No further details are available.

References:

Vendor URL: http://www.ibiblio.org/mc/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11502 Secunia Advisory ID:11720 Secunia Advisory ID:11668 Related OSVDB ID: 5722 Related OSVDB ID: 5720 ISS X-Force ID: 16020 CVE-2004-0231 Bugtraq ID: 10242