Vulnerability Bulletins

int(782)

Vulnerability Bulletins

Múltiples vulnerabilidades en Midnight Commander
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Aumento de privilegios
Dificulty	Experto
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	Midnight Commander <4.6.0
Description
Se han descubierto múltiples vulnerabilidades en Midnight Commander. Las vulnerabilidades han sido clasificadas de la siguiente manera: CAN-2004-0226 - Desbordamientos de búfer CAN-2004-0231 - Creaciones inseguras de archivos y directorios temporales CAN-2004-0232 - Bugs de formato La explotación de estas vulnerabilidades podría permitir a un atacante local aumentar sus privilegios.
Solution
Actualización de software Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3-2woody3.dsc http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3-2woody3.diff.gz http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_alpha.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_alpha.deb ARM http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_arm.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_i386.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_ia64.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_ia64.deb HP Precision http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_hppa.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_m68k.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_mips.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_mipsel.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_powerpc.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_s390.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_sparc.deb http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_sparc.deb Mandrake Linux Mandrake Linux 9.1 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/mc-4.6.0-4.2.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/mc-4.6.0-4.2.91mdk.src.rpm PPC ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/mc-4.6.0-4.2.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/mc-4.6.0-4.2.91mdk.src.rpm Mandrake Linux 9.2 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/mc-4.6.0-4.2.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/mc-4.6.0-4.2.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/mc-4.6.0-4.2.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/mc-4.6.0-4.2.92mdk.src.rpm Mandrake Corporate Server 2.1 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/mc-4.6.0-4.2.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/mc-4.6.0-4.2.C21mdk.src.rpm x86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/mc-4.6.0-4.2.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/mc-4.6.0-4.2.C21mdk.src.rpm Mandrakelinux 10.0 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mc-4.6.0-6.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/mc-4.6.0-6.1.100mdk.src.rpm RedHat Linux RedHat Linux 9 SRPMS ftp://updates.redhat.com/9/en/os/SRPMS/mc-4.6.0-14.9.src.rpm i386 ftp://updates.redhat.com/9/en/os/i386/mc-4.6.0-14.9.i386.rpm Red Hat Enterprise Linux AS (v. 2.1) SRPMS mc-4.5.51-36.3.src.rpm i386 gmc-4.5.51-36.3.i386.rpm mc-4.5.51-36.3.i386.rpm mcserv-4.5.51-36.3.i386.rpm ia64 gmc-4.5.51-36.3.ia64.rpm mc-4.5.51-36.3.ia64.rpm mcserv-4.5.51-36.3.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 2.1) SRPMS mc-4.5.51-36.3.src.rpm i386 gmc-4.5.51-36.3.i386.rpm mc-4.5.51-36.3.i386.rpm mcserv-4.5.51-36.3.i386.rpm https://rhn.redhat.com/ Red Hat Linux Advanced Workstation 2.1 Itanium Processor SRPMS mc-4.5.51-36.3.src.rpm ia64 gmc-4.5.51-36.3.ia64.rpm mc-4.5.51-36.3.ia64.rpm mcserv-4.5.51-36.3.ia64.rpm https://rhn.redhat.com/ SuSE Linux SuSE Linux 9.0 i386 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mc-4.6.0-327.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mc-4.6.0-327.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mc-4.6.0-327.src.rpm SuSE Linux 8.2 i386 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mc-4.6.0-327.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mc-4.6.0-327.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/mc-4.6.0-327.src.rpm SuSE Linux 8.1 i386 ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mc-4.5.55-758.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mc-4.5.55-758.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/mc-4.5.55-758.src.rpm SuSE Linux 8.0 i386 ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap1/mc-4.5.55-758.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap1/mc-4.5.55-758.i386.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/mc-4.5.55-758.src.rpm
Standar resources
Property	Value
CVE	CAN-2004-0226 CAN-2004-0231 CAN-2004-0232
BID
Other resources
Debian Security Advisory DSA 497-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00097.html MandrakeSoft Security Advisory MDKSA-2004:039 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:039 RedHat Security Advisory RHSA-2004:173-05 https://rhn.redhat.com/errata/RHSA-2004-173.html RedHat Security Advisory RHSA-2004:172-06 https://rhn.redhat.com/errata/RHSA-2004-172.html SUSE Security Announcement SuSE-SA:2004:012 http://www.suse.de/de/security/2004_12_mc.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-04-30
1.1	Aviso emitido por RedHat (RHSA-2004:173-05)	2004-05-03
1.2	Aviso emitido por SuSE (SuSE-SA:2004:012)	2004-05-17
1.3	Aviso emitido por Red Hat (RHSA-2004:172-06)	2004-05-21

Vulnerability Bulletins

Múltiples vulnerabilidades en Midnight Commander

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history