This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Midnight Commander First view 1999-04-01
Product Midnight Commander Last view 2005-05-02
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:midnight_commander:midnight_commander:4.5.42:*:*:*:*:*:*:* 16
cpe:2.3:a:midnight_commander:midnight_commander:4.5.52:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.44:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.41:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.49:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.47:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.51:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.43:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.46:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.40:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.50:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.45:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.48:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.5.55:*:*:*:*:*:*:* 15
cpe:2.3:a:midnight_commander:midnight_commander:4.6:*:*:*:*:*:*:* 14
cpe:2.3:a:midnight_commander:midnight_commander:4.5.54:*:*:*:*:*:*:* 11
cpe:2.3:a:midnight_commander:midnight_commander:4:*:*:*:*:*:*:* 3
cpe:2.3:a:midnight_commander:midnight_commander:4.5.1:*:*:*:*:*:*:* 3
cpe:2.3:a:midnight_commander:midnight_commander:4.5.11:*:*:*:*:*:*:* 2

Related : CVE

  Date Alert Description
4.6 2005-05-02 CVE-2005-0763

Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.

7.5 2005-04-14 CVE-2004-1176

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5 2005-04-14 CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

5 2005-04-14 CVE-2004-1174

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

5 2005-04-14 CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

5 2005-04-14 CVE-2004-1092

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

5 2005-04-14 CVE-2004-1091

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

5 2005-04-14 CVE-2004-1090

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

5 2005-04-14 CVE-2004-1009

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

7.5 2005-04-14 CVE-2004-1005

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

7.5 2005-04-14 CVE-2004-1004

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

5 2004-08-18 CVE-2004-0232

Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

2.1 2004-08-18 CVE-2004-0231

Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."

10 2004-08-18 CVE-2004-0226

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

7.5 2004-01-20 CVE-2003-1023

Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.

4.6 2001-11-12 CVE-2001-1429

Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file.

4.6 2001-01-09 CVE-2000-1109

Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.

4.6 2001-01-09 CVE-2000-1108

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.

4.6 1999-08-01 CVE-1999-1337

FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.

2.1 1999-04-01 CVE-1999-0480

Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack.

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:822 Midnight Commander vfs_s_resolve_symlink BO

Open Source Vulnerability Database (OSVDB)

id Description
19111 Midnight Commander mcedit Crafted Text File Overflow
15170 Midnight Commander insert_text() Function Local Overflow
12911 Midnight Commander Unspecified Underflow DoS
12910 Midnight Commander Insecure Filename Quoting Arbitrary Command Execution
12909 Midnight Commander Nonexistent File Descriptor Handling DoS
12908 Midnight Commander Unspecified Freed Memory DoS
12907 Midnight Commander Unspecified Unallocated Memory Issue
12906 Midnight Commander Unspecified Null Dereference DoS
12905 Midnight Commander Corrupted Selection Header DoS
12904 Midnight Commander Unspecified Infinite Loop DoS
12903 Midnight Commander Multiple Unspecified Overflows
12902 Midnight Commander Multiple Unspecified Format Strings
5921 Midnight Commander Cleartext Password Storage
5920 Midnight Commander Symbolic Link DoS
5722 Midnight Commander Unspecified Buffer Overflows
5721 Midnight Commander Insecure Temporary File Creation
5720 Midnight Commander Unspecified Format String
2595 Midnight Commander VFS Symlink Overflow
1671 Midnight Commander Directory Viewing Command Execution
1644 Midnight Commander cons.saver Arbitrary File Write

OpenVAS Exploits

id Description
2009-10-10 Name : SLES9: Security update for Midnight Commander
File : nvt/sles9p5011441.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200403-09 (mc)
File : nvt/glsa_200403_09.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200405-21 (MC)
File : nvt/glsa_200405_21.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200502-24 (mc)
File : nvt/glsa_200502_24.nasl
2008-09-04 Name : FreeBSD Ports: mc
File : nvt/freebsd_mc.nasl
2008-09-04 Name : FreeBSD Ports: mc
File : nvt/freebsd_mc0.nasl
2008-09-04 Name : FreeBSD Ports: mc
File : nvt/freebsd_mc1.nasl
2008-01-17 Name : Debian Security Advisory DSA 036-1 (mc)
File : nvt/deb_036_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 424-1 (mc)
File : nvt/deb_424_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 497-1 (mc)
File : nvt/deb_497_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 639-1 (mc)
File : nvt/deb_639_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 698-1 (mc)
File : nvt/deb_698_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2004-136-01 mc
File : nvt/esoft_slk_ssa_2004_136_01.nasl

Nessus® Vulnerability Scanner

id Description
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2000-078.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9797.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_0c6f3fde9c5111d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_322d4ff685c311d8a41f0020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_2b2b333b6bd311d995f8000a95bc6fae.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2004-136-01.nasl - Type: ACT_GATHER_INFO
2005-06-17 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-512.nasl - Type: ACT_GATHER_INFO
2005-03-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-698.nasl - Type: ACT_GATHER_INFO
2005-03-04 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-217.nasl - Type: ACT_GATHER_INFO
2005-02-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200502-24.nasl - Type: ACT_GATHER_INFO
2005-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-639.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-036.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-424.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-497.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200403-09.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200405-21.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2004-007.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2004-039.nasl - Type: ACT_GATHER_INFO
2004-07-25 Name: The remote host is missing a vendor-supplied security patch
File: suse_SA_2004_012.nasl - Type: ACT_GATHER_INFO
2004-07-23 Name: The remote Fedora Core host is missing a security update.
File: fedora_2004-112.nasl - Type: ACT_GATHER_INFO
2004-07-23 Name: The remote Fedora Core host is missing a security update.
File: fedora_2004-058.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2004-035.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2004-172.nasl - Type: ACT_GATHER_INFO