 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.53057 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2005:512 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory RHSA-2005:512. Midnight Commander is a visual shell much like a file manager. Several denial of service bugs were found in Midnight Commander. These bugs could cause Midnight Commander to hang or crash if a victim opens a carefully crafted file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1009, CVE-2004-1090, CVE-2004-1091, CVE-2004-1093 and CVE-2004-1174 to these issues. A filename quoting bug was found in Midnight Commander's FISH protocol handler. If a victim connects via embedded SSH support to a host containing a carefully crafted filename, arbitrary code may be executed as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1175 to this issue. A buffer overflow bug was found in the way Midnight Commander handles directory completion. If a victim uses completion on a maliciously crafted directory path, it is possible for arbitrary code to be executed as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0763 to this issue. Users of mc are advised to upgrade to these packages, which contain backported security patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-512.html Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-1009 Debian Security Information: DSA-639 (Google Search) http://www.debian.org/security/2005/dsa-639 http://www.redhat.com/support/errata/RHSA-2005-512.html http://secunia.com/advisories/13863/ XForce ISS Database: midnight-commander-dos(18903) https://exchange.xforce.ibmcloud.com/vulnerabilities/18903 Common Vulnerability Exposure (CVE) ID: CVE-2004-1090 XForce ISS Database: midnight-commander-section-dos(18907) https://exchange.xforce.ibmcloud.com/vulnerabilities/18907 Common Vulnerability Exposure (CVE) ID: CVE-2004-1091 http://secunia.com/advisories/13863 XForce ISS Database: midnight-commander-find-dos(18908) https://exchange.xforce.ibmcloud.com/vulnerabilities/18908 Common Vulnerability Exposure (CVE) ID: CVE-2004-1093 XForce ISS Database: midnight-commander-key-dos(18905) https://exchange.xforce.ibmcloud.com/vulnerabilities/18905 Common Vulnerability Exposure (CVE) ID: CVE-2004-1174 http://securitytracker.com/id?1012903 XForce ISS Database: midnight-commander-direntry-dos(18909) https://exchange.xforce.ibmcloud.com/vulnerabilities/18909 Common Vulnerability Exposure (CVE) ID: CVE-2004-1175 XForce ISS Database: midnight-commander-command-execution(18906) https://exchange.xforce.ibmcloud.com/vulnerabilities/18906 Common Vulnerability Exposure (CVE) ID: CVE-2005-0763 Debian Security Information: DSA-698 (Google Search) http://www.debian.org/security/2005/dsa-698 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |