292 matches found
Дырка в midnight commander
некорректная обработка метасимволов в именах файла приводит к возможности выполнения shell-кода...
DoS через cons.saver из Midnight Commander
Перенаправив вывод приложения в файл можно записать '0' в любой файл...
Problems with cons.saver
Hi, Many systems have a suid on cons.saver which is part of midnight commander package. Standard location of this binary is /usr/lib/mc/bin/cons.saver. There is a bug, which allows luser to write '0' char to any symlinkable file in system. So it can be very destructive, I wrote simple example of...
cons.saver.txt
Subject: Problems with cons.saver Author: Maurycy Prodeus Hi, Many systems have a suid on cons.saver which is part of midnight commander package. Standard location of this binary is /usr/lib/mc/bin/cons.saver. There is a bug, which allows luser to write '\0' char to any symlinkable file in system...
Linux news 23.05.00
Linux 2.2.16pre4 Alan Cox выпустил новую pre-версию следующего стабильного ядра Linux: 2.2.16pre4. Подробнее: http://www.lwn.net/daily/2.2.16pre4.html Kernel Traffic 68 Вышел очередной Kernel Traffic за номером 68. Подробнее: http://linuxtoday.com/newsstory.php3?ltsn=2000-05-22-003-04-OS-KN GNU...
CVE-1999-0480
Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack...
CVE-1999-0480
Midnight Commander 4.x is affected by a local denial of service via a symlink attack. The connected PT-1999-1160 entry confirms the issue in Midnight Commander 4.x and attributes it to a symlink-based condition exploitable by a local attacker to trigger DoS. No remediation or patched versions are...
midnight-commander-tty.txt
Date: Sun, 6 Sep 1998 00:53:24 +0200 From: Michal Zalewski To: [email protected] Subject: Sendmail, lynx, Netscape, sshd, Linux kernel twice More kernel 'things' - tty allocation ------------------------------------- Hmm, I've posted it months ago, and I have no idea why it hasn't been approve...
midnight.commander.4.x.tmp.race.txt
ate: Sun, 7 Mar 1999 01:41:25 +0100 From: Michal Zalewski Midnight Commander 4.x bugs x2 Still not fixed. Temporary files mc are created in insecure way, allowing typical races. Also, entering directories containing $... somewhere might result in execution of embeeded code. Described days ago,...
CVE-1999-1337
FTP client in Midnight Commander mc before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges...
CVE-1999-0480
Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack...
PT-1999-1160 · Unknown +2 · Midnight Commander +1
Name of the Vulnerable Software and Affected Versions: Midnight Commander versions 4.x Description: The issue allows local attackers to conduct a denial of service with a symlink attack. Recommendations: For Midnight Commander versions 4.x, at the moment, there is no information about a newer...