Nessus Plugin #17138
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200502-24] Midnight Commander: Multiple vulnerabilities
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2005 Michel Arboi
- Summary:
- Midnight Commander: Multiple vulnerabilities
- Version:
- $Revision: 1.1 $
- Cve_id:
- CAN-2004-1004, CAN-2004-1005, CAN-2004-1092, CAN-2004-1176
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200502-24
- Description:
- The remote host is affected by the vulnerability described in GLSA-200502-24
(Midnight Commander: Multiple vulnerabilities)
Midnight Commander contains several format string vulnerabilities
(CAN-2004-1004), buffer overflows (CAN-2004-1005), a memory
deallocation error (CAN-2004-1092) and a buffer underflow
(CAN-2004-1176).
Impact
An attacker could exploit these vulnerabilities to execute
arbitrary code with the permissions of the user running Midnight
Commander or cause Denial of Service by freeing unallocated memory.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1176
Solution:
All Midnight Commander users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/mc-4.6.0-r13"
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.