Debian Security Advisory

DSA-036-1 Midnight Commander -- arbitrary program execution

Date Reported:

07 Mar 2001

Affected Packages:

mc, gmc

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 2016.
In Mitre's CVE dictionary: CVE-2000-1109.

More information:

It has been reported that a local user could tweak Midnight Commander of another user into executing an arbitrary program under the user id of the person running Midnight Commander. This behaviour has been fixed by Andrew V. Samoilov.

We recommend you upgrade your mc package.

Fixed in:

Debian 2.2 (potato)

Source:: http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.6.diff.gz; http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.6.dsc; http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42.orig.tar.gz
alpha:: http://security.debian.org/dists/stable/updates/main/binary-alpha/gmc_4.5.42-11.potato.6_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/mc-common_4.5.42-11.potato.6_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/mc_4.5.42-11.potato.6_alpha.deb
arm:: http://security.debian.org/dists/stable/updates/main/binary-arm/gmc_4.5.42-11.potato.6_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/mc-common_4.5.42-11.potato.6_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/mc_4.5.42-11.potato.6_arm.deb
i386:: http://security.debian.org/dists/stable/updates/main/binary-i386/gmc_4.5.42-11.potato.6_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/mc-common_4.5.42-11.potato.6_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/mc_4.5.42-11.potato.6_i386.deb
m68k:: http://security.debian.org/dists/stable/updates/main/binary-m68k/gmc_4.5.42-11.potato.6_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/mc-common_4.5.42-11.potato.6_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/mc_4.5.42-11.potato.6_m68k.deb
powerpc:: http://security.debian.org/dists/stable/updates/main/binary-powerpc/gmc_4.5.42-11.potato.6_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/mc-common_4.5.42-11.potato.6_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/mc_4.5.42-11.potato.6_powerpc.deb
sparc:: http://security.debian.org/dists/stable/updates/main/binary-sparc/gmc_4.5.42-11.potato.6_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/mc-common_4.5.42-11.potato.6_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/mc_4.5.42-11.potato.6_sparc.deb