7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
83.9%
Midnight Commander (mc) is a visual shell much like a file manager.
Shell escape bugs have been discovered in several of the mc vfs backend
scripts. An attacker who is able to influence a victim to open a
specially-crafted URI using mc could execute arbitrary commands as the
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0494 to this issue.
Users of mc should upgrade to this updated package which contains
backported patches and is not vulnerable to this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | mcserv | < 4.5.51-36.4 | mcserv-4.5.51-36.4.i386.rpm |
RedHat | any | ia64 | mcserv | < 4.5.51-36.4 | mcserv-4.5.51-36.4.ia64.rpm |
RedHat | any | ia64 | gmc | < 4.5.51-36.4 | gmc-4.5.51-36.4.ia64.rpm |
RedHat | any | i386 | mc | < 4.5.51-36.4 | mc-4.5.51-36.4.i386.rpm |
RedHat | any | ia64 | mc | < 4.5.51-36.4 | mc-4.5.51-36.4.ia64.rpm |
RedHat | any | i386 | gmc | < 4.5.51-36.4 | gmc-4.5.51-36.4.i386.rpm |