This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Midnight Commander First view 2004-01-20
Product Midnight Commander Last view 2005-04-14
Version 4.6 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:midnight_commander:midnight_commander

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2005-04-14 CVE-2004-1176

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5 2005-04-14 CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

5 2005-04-14 CVE-2004-1174

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

5 2005-04-14 CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

5 2005-04-14 CVE-2004-1092

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

5 2005-04-14 CVE-2004-1091

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

5 2005-04-14 CVE-2004-1090

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

5 2005-04-14 CVE-2004-1009

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

7.5 2005-04-14 CVE-2004-1005

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

7.5 2005-04-14 CVE-2004-1004

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

5 2004-08-18 CVE-2004-0232

Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

2.1 2004-08-18 CVE-2004-0231

Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."

10 2004-08-18 CVE-2004-0226

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

7.5 2004-01-20 CVE-2003-1023

Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.

Open Source Vulnerability Database (OSVDB)

id Description
12911 Midnight Commander Unspecified Underflow DoS
12910 Midnight Commander Insecure Filename Quoting Arbitrary Command Execution
12909 Midnight Commander Nonexistent File Descriptor Handling DoS
12908 Midnight Commander Unspecified Freed Memory DoS
12907 Midnight Commander Unspecified Unallocated Memory Issue
12906 Midnight Commander Unspecified Null Dereference DoS
12905 Midnight Commander Corrupted Selection Header DoS
12904 Midnight Commander Unspecified Infinite Loop DoS
12903 Midnight Commander Multiple Unspecified Overflows
12902 Midnight Commander Multiple Unspecified Format Strings
5722 Midnight Commander Unspecified Buffer Overflows
5721 Midnight Commander Insecure Temporary File Creation
5720 Midnight Commander Unspecified Format String
2595 Midnight Commander VFS Symlink Overflow

OpenVAS Exploits

id Description
2009-10-10 Name : SLES9: Security update for Midnight Commander
File : nvt/sles9p5011441.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200403-09 (mc)
File : nvt/glsa_200403_09.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200405-21 (MC)
File : nvt/glsa_200405_21.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200502-24 (mc)
File : nvt/glsa_200502_24.nasl
2008-09-04 Name : FreeBSD Ports: mc
File : nvt/freebsd_mc.nasl
2008-09-04 Name : FreeBSD Ports: mc
File : nvt/freebsd_mc0.nasl
2008-09-04 Name : FreeBSD Ports: mc
File : nvt/freebsd_mc1.nasl
2008-01-17 Name : Debian Security Advisory DSA 424-1 (mc)
File : nvt/deb_424_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 497-1 (mc)
File : nvt/deb_497_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 639-1 (mc)
File : nvt/deb_639_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2004-136-01 mc
File : nvt/esoft_slk_ssa_2004_136_01.nasl

Nessus® Vulnerability Scanner

id Description
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9797.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_0c6f3fde9c5111d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_322d4ff685c311d8a41f0020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_2b2b333b6bd311d995f8000a95bc6fae.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2004-136-01.nasl - Type: ACT_GATHER_INFO
2005-06-17 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-512.nasl - Type: ACT_GATHER_INFO
2005-03-04 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-217.nasl - Type: ACT_GATHER_INFO
2005-02-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200502-24.nasl - Type: ACT_GATHER_INFO
2005-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-639.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-424.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-497.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200405-21.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200403-09.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2004-007.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2004-039.nasl - Type: ACT_GATHER_INFO
2004-07-25 Name: The remote host is missing a vendor-supplied security patch
File: suse_SA_2004_012.nasl - Type: ACT_GATHER_INFO
2004-07-23 Name: The remote Fedora Core host is missing a security update.
File: fedora_2004-112.nasl - Type: ACT_GATHER_INFO
2004-07-23 Name: The remote Fedora Core host is missing a security update.
File: fedora_2004-058.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2004-035.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2004-172.nasl - Type: ACT_GATHER_INFO