`Date: Sun, 7 Mar 1999 01:41:25 +0100
From: Michal Zalewski <[email protected]>
Midnight Commander 4.x bugs (x2)
Still not fixed. Temporary files mc are created in insecure way, allowing
typical races. Also, entering directories containing $(...) somewhere
might result in execution of embedded code. Described days ago, dunno why
it hasn't been patched.
_______________________________________________________________________
Michal Zalewski [[email protected]] [link / marchew] [dione.ids.pl SYSADM]
[Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813]
To iterate is human, to recurse divine [P. Deutsch]
---------------------------------------------------------------------------
Date: Mon, 5 Apr 1999 13:00:14 -0500
From: Miguel de Icaza <[email protected]>
To: [email protected]
Subject: Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Commander (x2)
> 7. Midnight Commander 4.x bugs (x2)
>
> Still not fixed. Temporary files mc are created in insecure way, allowing
> typical races. Also, entering directories containing $(...) somewhere
> might result in execution of embedded code.
4.x barely tells me anything. Code in the 4.x can mean anything in
the last 18 months. P
There are two major code versions:
4.1.xx: old, stable
4.5.xx: new, stable
I do not know of any problems in 4.5.xx. The code does take
appropriate steps to work around those problems.
> Described days ago, dunno why it hasn't been patched.
you might have described that to your shrink, or perhaps a frog
sitting on a rock, but I never saw any detailed bug reports about
this.
miguel.
---------------------------------------------------------------------------
Date: Mon, 8 Mar 1999 02:37:18 +0100
From: Michal Zalewski <[email protected]>
> 7. Midnight Commander 4.x bugs (x2)
While Miguel de Icaza claims there's no known bugs in mc, Pavel Machek
confirmed that there are still not fixed races.
---------------------------------------------------------------------------
Date: Fri, 9 Apr 1999 14:17:17 +0200
From: Pavel Machek <[email protected]>
To: [email protected]
Subject: Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Commander (x2)
Hi!
> > 7. Midnight Commander 4.x bugs (x2)
>
> While Miguel de Icaza claims there's no known bugs in mc, Pavel Machek
> confirmed that there are still not fixed races.
I checked out cvs of mc today, and races are gone. Owen Taylor did the
work. Is there any more problems in midnight you know of?
Pavel
--
The best software in life is free (not shareware)! Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+
---------------------------------------------------------------------------
Date: Sat, 10 Apr 1999 17:27:33 +0200
From: Luca Berra <[email protected]>
To: [email protected]
Subject: Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Commander (x2)
On Fri, Apr 09, 1999 at 02:17:17PM +0200, Pavel Machek wrote:
> Hi!
>
> > > 7. Midnight Commander 4.x bugs (x2)
> >
> > While Miguel de Icaza claims there's no known bugs in mc, Pavel Machek
> > confirmed that there are still not fixed races.
>
> I checked out cvs of mc today, and races are gone. Owen Taylor did the
> work. Is there any more problems in midnight you know of?
>
Yup, most of the vfs shell scripts sux
i.e.: many contain things like '> $3' unquoted.
the mc.sh example script is a perfect example of how
a script should not be written ($RANDOM is not at all a safe
way to generate temporary file names)
i tried to patch whatever i found,
all my patches to mc, if anyone cares, can be found at
http://www.comedia.it/bluca/mc/
Regards,
Luca
--
Luca Berra -- [email protected]
CoMedia s.r.l.
---------------------------------------------------------------------------
Date: Sun, 11 Apr 1999 14:56:36 -0500
From: Miguel de Icaza <[email protected]>
To: [email protected]
Subject: Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Commander (x2)
> Yup, most of the vfs shell scripts sux
> i.e.: many contain things like '> $3' unquoted.
Ok, at least this bit has been fixed in 4.5.30 thanks to Owen Taylor.
the mc.sh sample code is still broken.
I will look at your patches and integrate new things.
Miguel.
`
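The two shell-script problems Luca Berra's message names (an unquoted redirect target such as '> $3', and temporary file names built from $RANDOM) are shown here beside a hardened form. This is an added example, not code from the thread, from mc, or from the patches mentioned; all function names and paths are constructed.

```shell
#!/bin/sh
# Added illustration with constructed names; not code from mc or its patches.

# Weak pattern the thread describes, shown for comparison and never called:
# a guessable temp name and unquoted expansions. bash in its default mode
# splits and globs the unquoted redirect target and stops with "ambiguous
# redirect" when it yields several words; the unquoted cat and cp
# arguments are split and globbed in any shell.
copyout_weak() {
    tmp=/tmp/mc.$$.$RANDOM
    cat $1 > $tmp && cp $tmp $2
}

# Hardened form: mktemp picks an unpredictable name and creates the file
# exclusively with owner-only permissions; every expansion is quoted.
copyout_safe() {
    cs_tmp=$(mktemp "${TMPDIR:-/tmp}/mcvfs.XXXXXX") || return 1
    cat -- "$1" > "$cs_tmp" && cp -- "$cs_tmp" "$2"
    cs_rc=$?
    rm -f -- "$cs_tmp"
    return "$cs_rc"
}

# Where mktemp is unavailable: noclobber makes '>' refuse a path that
# already exists, including a symlink someone placed there first.
create_exclusive() {
    ( set -C; : > "$1" ) 2>/dev/null
}
```

A caller of `create_exclusive` should treat a non-zero status as "name already taken" and pick another name rather than retry the same one.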