Aviso de seguridad de Debian

DSA-036-1 Midnight Commander -- ejecución de programa arbitrario

Fecha del informe:
7 de mar de 2001
Paquetes afectados:
mc, gmc
Vulnerable:
Referencias a bases de datos de seguridad:
En la base de datos de Bugtraq (en SecurityFocus): Id. en BugTraq 2016.
En el diccionario CVE de Mitre: CVE-2000-1109.
Información adicional:
Se ha informado que un usuario puede hacer que el Midnight Commander de otro usuario ejecute un programa arbitrario como si lo ejecutara el usuario que usa Midnight Commander. Este comportamiento ya ha sido corregido por Andrew V. Samoilov.

Le recomendamos que actualice su paquete mc.

Arreglado en:

Debian 2.2 (potato)

Fuentes:
http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.6.diff.gz
http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.6.dsc
http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42.orig.tar.gz
alpha:
http://security.debian.org/dists/stable/updates/main/binary-alpha/gmc_4.5.42-11.potato.6_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/mc-common_4.5.42-11.potato.6_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/mc_4.5.42-11.potato.6_alpha.deb
arm:
http://security.debian.org/dists/stable/updates/main/binary-arm/gmc_4.5.42-11.potato.6_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/mc-common_4.5.42-11.potato.6_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/mc_4.5.42-11.potato.6_arm.deb
i386:
http://security.debian.org/dists/stable/updates/main/binary-i386/gmc_4.5.42-11.potato.6_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/mc-common_4.5.42-11.potato.6_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/mc_4.5.42-11.potato.6_i386.deb
m68k:
http://security.debian.org/dists/stable/updates/main/binary-m68k/gmc_4.5.42-11.potato.6_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/mc-common_4.5.42-11.potato.6_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/mc_4.5.42-11.potato.6_m68k.deb
powerpc:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gmc_4.5.42-11.potato.6_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/mc-common_4.5.42-11.potato.6_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/mc_4.5.42-11.potato.6_powerpc.deb
sparc:
http://security.debian.org/dists/stable/updates/main/binary-sparc/gmc_4.5.42-11.potato.6_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/mc-common_4.5.42-11.potato.6_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/mc_4.5.42-11.potato.6_sparc.deb