The Midnight Commander, mc(1), is a ncurses-based file manager. A local attacker could trick mc(1) into executing commands with the privileges of the user running mc(1) by creating malicious directory names. This attack leads to local privilege escalation.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 6.2 | i386 | mc | < 4.5.37-20 | mc-4.5.37-20.i386.rpm |
openSUSE | 7.0 | sparc | mc | < 4.5.50-1 | mc-4.5.50-1.sparc.rpm |
openSUSE | 6.1 | i386 | mc | < 4.5.33-1 | mc-4.5.33-1.i386.rpm |
openSUSE | 6.4 | alpha | mc | < 4.5.42-47 | mc-4.5.42-47.alpha.rpm |
openSUSE | 6.4 | i386 | mc | < 4.5.42-47 | mc-4.5.42-47.i386.rpm |
openSUSE | 7.0 | i386 | mc | < 4.5.50-1 | mc-4.5.50-1.i386.rpm |
openSUSE | 7.0 | ppc | mc | < 4.5.50-1 | mc-4.5.50-1.ppc.rpm |
openSUSE | 6.4 | ppc | mc | < 4.5.42-47 | mc-4.5.42-47.ppc.rpm |
openSUSE | 7.1 | i386 | mc | < 4.5.51-1 | mc-4.5.51-1.i386.rpm |
openSUSE | 6.3 | alpha | mc | < 4.5.40-1 | mc-4.5.40-1.alpha.rpm |