Vulnerability Bulletins |
Ejecución de código arbitrario en Linux mediante mc |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
Debian GNU/Linux 3.0 (woody) Red Hat Linux 9 Mandrake Linux 9.1, 9.2, 9.2/AMD64, Corporate Server 2.1 |
Description |
|
| Se ha descubierto una vulnerabilidad en el Midnight Commander, un gestor de archivos conocido abreviadamente como mc. La explotación de esta vulnerabilidad podría ser aprovechada para, mediante un archivo .tar (por ejemplo), provocar la ejecución de código arbitrario si ese archivo es abierto por el Midnight Commander (mc). | |
Solution |
|
|
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software Debian GNU/Linux 3.0 (woody) Source: http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2.dsc http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2.diff.gz http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55.orig.tar.gz Alpha: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_alpha.deb http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_alpha.deb http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_alpha.deb ARM: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_arm.deb http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_arm.deb http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_arm.deb Intel IA-32: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_i386.deb http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_i386.deb http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_ia64.deb http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_ia64.deb http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_ia64.deb HPPA: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_hppa.deb http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_hppa.deb http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_hppa.deb Motorola 680x0: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_m68k.deb http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_m68k.deb http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_m68k.deb Big endian MIPS: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_mips.deb http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_mips.deb http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_mips.deb PowerPC: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_powerpc.deb http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_powerpc.deb http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_s390.deb http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_s390.deb http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_sparc.deb http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_sparc.deb http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_sparc.deb Linux RedHat 9.0 SRPMS ftp://updates.redhat.com/9/en/os/SRPMS/mc-4.6.0-7.9.src.rpm i386 ftp://updates.redhat.com/9/en/os/i386/mc-4.6.0-7.9.i386.rpm Linux Mandrake 9.1 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/9.1/RPMS/mutt-1.4.1i-1.2.91mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.1/SRPMS/mutt-1.4.1i-1.2.91mdk.src.rpm PPC ftp://ftp.rediris.es/mirror/mandrake/updates/ppc/9.1/RPMS/mutt-1.4.1i-1.2.91mdk.ppc.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/ppc/9.1/SRPMS/mutt-1.4.1i-1.2.91mdk.src.rpm Linux Mandrake 9.2 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/9.2/RPMS/mutt-1.4.1i-3.1.92mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.2/SRPMS/mutt-1.4.1i-3.1.92mdk.src.rpm AMD64 ftp://ftp.rediris.es/mirror/mandrake/updates/amd64/9.2/RPMS/mutt-1.4.1i-3.1.92mdk.amd64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/amd64/9.2/SRPMS/mutt-1.4.1i-3.1.92mdk.src.rpm Linux Mandrake Corporate Server 2.1 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/mutt-1.4.1i-1.2.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/SRPMS/mutt-1.4.1i-1.2.C21mdk.src.rpm x86_64 ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/mutt-1.4.1i-1.2.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/SRPMS/mutt-1.4.1i-1.2.C21mdk.src.rpm |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2003-1023 |
| BID | |
Other resources |
|
|
Debian Security Advisory DSA-424-1 http://www.debian.org/security/2004/dsa-424 RedHat Security Advisory RHSA-2004:034-03 https://rhn.redhat.com/errata/RHSA-2004-034.html MandrakeSoft Security Advisory MDKSA-2004:010 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:010 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-01-19 |