midnight commander midnight commander vulnerabilities and exploits

(subscribe to this query)

NA

GNU Midnight Commander 4.8.29-146-g299d9a2fb exists to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails).

5

CVSSv2

An issue exists in Midnight Commander up to and including 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.

Midnight-commander Midnight Commander

5.1

CVSSv2

Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote malicious users to execute arbitrary commands via a crafted file name.

Midnight-commander Midnight Commander 4.8.5

4.6

CVSSv2

Buffer overflow in Midnight Commander (mc) 4.5.55 and previous versions may allow malicious users to execute arbitrary code.

Midnight Commander Midnight Commander

5

CVSSv2

Midnight commander (mc) 4.5.55 and previous versions allows remote malicious users to cause a denial of service by causing mc to free unallocated memory.

Midnight Commander Midnight Commander 4.5.40 Midnight Commander Midnight Commander 4.5.41 Midnight Commander Midnight Commander 4.5.48 Midnight Commander Midnight Commander 4.5.49 Midnight Commander Midnight Commander 4.5.42 Midnight Commander Midnight Commander 4.5.43 Midnight Commander Midnight Commander 4.5.50 Midnight Commander Midnight Commander 4.5.51 Midnight Commander Midnight Commander 4.5.46 Midnight Commander Midnight Commander 4.5.47 Midnight Commander Midnight Commander 4.6 Midnight Commander Midnight Commander 4.5.44 Midnight Commander Midnight Commander 4.5.45 Midnight Commander Midnight Commander 4.5.52 Midnight Commander Midnight Commander 4.5.54 Midnight Commander Midnight Commander 4.5.55 Debian Debian Linux 3.0 Redhat Enterprise Linux 2.1 Redhat Linux Advanced Workstation 2.1 Suse Suse Linux 9.1 Suse Suse Linux 9.2 Suse Suse Linux 8.0

7.5

CVSSv2

fish.c in midnight commander allows remote malicious users to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

7.5

CVSSv2

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and previous versions allows remote malicious users to cause a denial of service and possibly execute arbitrary code.

Midnight Commander Midnight Commander 4.5.41 Midnight Commander Midnight Commander 4.5.45 Midnight Commander Midnight Commander 4.5.46 Midnight Commander Midnight Commander 4.5.54 Midnight Commander Midnight Commander 4.5.55 Midnight Commander Midnight Commander 4.5.42 Midnight Commander Midnight Commander 4.5.49 Midnight Commander Midnight Commander 4.5.50 Midnight Commander Midnight Commander 4.5.43 Midnight Commander Midnight Commander 4.5.44 Midnight Commander Midnight Commander 4.5.51 Midnight Commander Midnight Commander 4.5.52 Midnight Commander Midnight Commander 4.5.40 Midnight Commander Midnight Commander 4.5.47 Midnight Commander Midnight Commander 4.5.48 Midnight Commander Midnight Commander 4.6 Debian Debian Linux 3.0 Redhat Enterprise Linux 2.1 Suse Suse Linux 8.1 Suse Suse Linux 8.2 Turbolinux Turbolinux Workstation 8.0 Redhat Linux Advanced Workstation 2.1

7.5

CVSSv2

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and previous versions allow remote malicious users to have an unknown impact.

Midnight Commander Midnight Commander 4.5.43 Midnight Commander Midnight Commander 4.5.44 Midnight Commander Midnight Commander 4.5.51 Midnight Commander Midnight Commander 4.5.52 Midnight Commander Midnight Commander 4.5.40 Midnight Commander Midnight Commander 4.5.47 Midnight Commander Midnight Commander 4.5.48 Midnight Commander Midnight Commander 4.6 Midnight Commander Midnight Commander 4.5.41 Midnight Commander Midnight Commander 4.5.42 Midnight Commander Midnight Commander 4.5.49 Midnight Commander Midnight Commander 4.5.50 Midnight Commander Midnight Commander 4.5.45 Midnight Commander Midnight Commander 4.5.46 Midnight Commander Midnight Commander 4.5.54 Midnight Commander Midnight Commander 4.5.55 Debian Debian Linux 3.0 Gentoo Linux Suse Suse Linux 8.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Workstation 7.0 Redhat Enterprise Linux 2.1

7.5

CVSSv2

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and previous versions allow remote malicious users to have an unknown impact.

5

CVSSv2

Midnight commander (mc) 4.5.55 and previous versions allows remote malicious users to cause a denial of service (infinite loop) via unknown attack vectors.

Midnight Commander Midnight Commander 4.5.40 Midnight Commander Midnight Commander 4.5.47 Midnight Commander Midnight Commander 4.5.48 Midnight Commander Midnight Commander 4.6 Midnight Commander Midnight Commander 4.5.43 Midnight Commander Midnight Commander 4.5.44 Midnight Commander Midnight Commander 4.5.51 Midnight Commander Midnight Commander 4.5.52 Midnight Commander Midnight Commander 4.5.41 Midnight Commander Midnight Commander 4.5.42 Midnight Commander Midnight Commander 4.5.49 Midnight Commander Midnight Commander 4.5.50 Midnight Commander Midnight Commander 4.5.45 Midnight Commander Midnight Commander 4.5.46 Midnight Commander Midnight Commander 4.5.54 Midnight Commander Midnight Commander 4.5.55 Debian Debian Linux 3.0 Gentoo Linux Suse Suse Linux 8.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Workstation 7.0 Redhat Linux Advanced Workstation 2.1

Get Started

1 2 3 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook