This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Midnight Commander First view 2001-01-09
Product Midnight Commander Last view 2005-05-02
Version 4.5.46 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:midnight_commander:midnight_commander

Activity : Overall

Related : CVE

  Date Alert Description
4.6 2005-05-02 CVE-2005-0763

Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.

7.5 2005-04-14 CVE-2004-1176

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5 2005-04-14 CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

5 2005-04-14 CVE-2004-1174

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

5 2005-04-14 CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

5 2005-04-14 CVE-2004-1092

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

5 2005-04-14 CVE-2004-1091

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

5 2005-04-14 CVE-2004-1090

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

5 2005-04-14 CVE-2004-1009

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

7.5 2005-04-14 CVE-2004-1005

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

7.5 2005-04-14 CVE-2004-1004

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

5 2004-08-18 CVE-2004-0232

Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

2.1 2004-08-18 CVE-2004-0231

Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."

10 2004-08-18 CVE-2004-0226

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

4.6 2001-01-09 CVE-2000-1109

Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.

Open Source Vulnerability Database (OSVDB)

id Description
15170 Midnight Commander insert_text() Function Local Overflow
12911 Midnight Commander Unspecified Underflow DoS
12910 Midnight Commander Insecure Filename Quoting Arbitrary Command Execution
12909 Midnight Commander Nonexistent File Descriptor Handling DoS
12908 Midnight Commander Unspecified Freed Memory DoS
12907 Midnight Commander Unspecified Unallocated Memory Issue
12906 Midnight Commander Unspecified Null Dereference DoS
12905 Midnight Commander Corrupted Selection Header DoS
12904 Midnight Commander Unspecified Infinite Loop DoS
12903 Midnight Commander Multiple Unspecified Overflows
12902 Midnight Commander Multiple Unspecified Format Strings
5722 Midnight Commander Unspecified Buffer Overflows
5721 Midnight Commander Insecure Temporary File Creation
5720 Midnight Commander Unspecified Format String
1671 Midnight Commander Directory Viewing Command Execution

OpenVAS Exploits

id Description
2009-10-10 Name : SLES9: Security update for Midnight Commander
File : nvt/sles9p5011441.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200405-21 (MC)
File : nvt/glsa_200405_21.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200502-24 (mc)
File : nvt/glsa_200502_24.nasl
2008-09-04 Name : FreeBSD Ports: mc
File : nvt/freebsd_mc.nasl
2008-09-04 Name : FreeBSD Ports: mc
File : nvt/freebsd_mc0.nasl
2008-01-17 Name : Debian Security Advisory DSA 036-1 (mc)
File : nvt/deb_036_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 497-1 (mc)
File : nvt/deb_497_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 639-1 (mc)
File : nvt/deb_639_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 698-1 (mc)
File : nvt/deb_698_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2004-136-01 mc
File : nvt/esoft_slk_ssa_2004_136_01.nasl

Nessus® Vulnerability Scanner

id Description
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9797.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_0c6f3fde9c5111d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2004-136-01.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_2b2b333b6bd311d995f8000a95bc6fae.nasl - Type: ACT_GATHER_INFO
2005-06-17 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-512.nasl - Type: ACT_GATHER_INFO
2005-03-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-698.nasl - Type: ACT_GATHER_INFO
2005-03-04 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-217.nasl - Type: ACT_GATHER_INFO
2005-02-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200502-24.nasl - Type: ACT_GATHER_INFO
2005-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-639.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-036.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-497.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200405-21.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2004-039.nasl - Type: ACT_GATHER_INFO
2004-07-25 Name: The remote host is missing a vendor-supplied security patch
File: suse_SA_2004_012.nasl - Type: ACT_GATHER_INFO
2004-07-23 Name: The remote Fedora Core host is missing a security update.
File: fedora_2004-112.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2004-172.nasl - Type: ACT_GATHER_INFO