Lucene search
Veracode Vulnerability DatabaseVERACODE:31967HistorySep 05, 2021 - 1:45 a.m.
Privilege Escalation
2021-09-0501:45:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.004 Low
EPSS
Percentile
73.2%
mc is vulnerable to privilege escalation. The vulnerability exists due to the lack of sanitization of the fingerprint of the server when establishing an SFTP connection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mc:sid | eq | 3:4.8.25-1 | |
| mc:sid | eq | 3:4.8.26-1 | |
| mc:sid | eq | 3:4.8.25-1 | |
| mc:sid | eq | 3:4.8.26-1 |
References
docs.ssh-mitm.at/CVE-2021-36370.html
github.com/MidnightCommander/mc/blob/5c1d3c55dd15356ec7d079084d904b7b0fd58d3e/src/vfs/sftpfs/connection.c#L484
github.com/MidnightCommander/mc/blob/master/src/vfs/sftpfs/connection.c
mail.gnome.org/archives/mc-devel/2021-August/msg00008.html
midnight-commander.org/
security-tracker.debian.org/tracker/CVE-2021-36370
sourceforge.net/projects/mcwin32/files/
Related
ubuntucve
ubuntucve
CVE-2021-36370
2021-08-30 00:00:00
osv
osv
CVE-2021-36370
2021-08-30 19:15:08
mc vulnerability
2022-08-09 11:44:21
openvas
openvas
Ubuntu: Security Advisory (USN-5160-1)
2023-01-27 00:00:00
Mageia: Security Advisory (MGASA-2022-0086)
2022-03-07 00:00:00
debiancve
debiancve
CVE-2021-36370
2021-08-30 19:15:08
prion
prion
Code injection
2021-08-30 19:15:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Midnight Commander vulnerability (USN-5160-1)
2023-10-16 00:00:00
openSUSE 15 Security Update : mc (openSUSE-SU-2022:0061-1)
2022-03-02 00:00:00
Amazon Linux 2 : mc (ALAS-2023-2147)
2023-07-20 00:00:00
cvelist
cvelist
CVE-2021-36370
2021-08-30 18:37:23
suse
suse
Security update for mc (moderate)
2022-03-01 00:00:00
cve
cve
CVE-2021-36370
2021-08-30 19:15:08
cbl_mariner
cbl_mariner
CVE-2021-36370 affecting package mc 4.8.21-4
2021-11-06 00:29:51
CVE-2021-36370 affecting package mc for versions less than 4.8.27-1
2022-04-09 06:51:56
nvd
nvd
CVE-2021-36370
2021-08-30 19:15:08
ubuntu
ubuntu
Midnight Commander vulnerability
2022-08-09 00:00:00
mageia
mageia
Updated mc packages fix security vulnerability
2022-03-06 13:40:17
amazon
amazon
Medium: mc
2023-07-17 17:40:00