|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200502-24] Midnight Commander: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Midnight Commander: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200502-24
(Midnight Commander: Multiple vulnerabilities)
Midnight Commander contains several format string vulnerabilities
(CVE-2004-1004), buffer overflows (CVE-2004-1005), a memory
deallocation error (CVE-2004-1092) and a buffer underflow
(CVE-2004-1176).
Impact
A possible hacker could exploit these vulnerabilities to execute
arbitrary code with the permissions of the user running Midnight
Commander or cause Denial of Service by freeing unallocated memory.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1176
Solution:
All Midnight Commander users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/mc-4.6.0-r13"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|