Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 3 Oct 2012 11:36:30 -0400 (EDT)

Hello Kurt, Steve, vendors,

  based on https://bugs.gentoo.org/show_bug.cgi?id=436518:

A security flaw was found in the way Midnight Commander,
a user-friendly text console file manager and visual
shell, performed sanitization of MC_EXT_SELECTED
environment variable when multiple files were selected
(first selected file was used as actual content of the
MC_EXT_SELECTED variable, while the remaining files were
provided as arguments to the temporary script, handling
the F3 / Enter key press event). A remote attacker could
provide a specially-crafted archive that, when expanded
and previewed by the victim could lead to arbitrary code
execution with the privileges of the user running mc
executable.

References:
[1] https://bugs.gentoo.org/show_bug.cgi?id=436518

Upstream ticket:
[2] https://www.midnight-commander.org/ticket/2913

I need to confess this one is a bit on the border
(the attack to succeed the victim would need to
perform couple of steps), but basically the scenario
is possible.

Could you allocate a CVE id for this one?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault