CVE-2004-1175

Description

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

Affected products

• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• gentoo / linux
• midnight_commander / midnight_commander4.5.54 – 4.5.54
• midnight_commander / midnight_commander4.5.55 – 4.5.55
• midnight_commander / midnight_commander4.6 – 4.6
• midnight_commander / midnight_commander4.5.50 – 4.5.50
• midnight_commander / midnight_commander4.5.41 – 4.5.41
• midnight_commander / midnight_commander4.5.42 – 4.5.42
• midnight_commander / midnight_commander4.5.43 – 4.5.43
• midnight_commander / midnight_commander4.5.44 – 4.5.44
• midnight_commander / midnight_commander4.5.45 – 4.5.45
• midnight_commander / midnight_commander4.5.46 – 4.5.46
• midnight_commander / midnight_commander4.5.47 – 4.5.47
• midnight_commander / midnight_commander4.5.48 – 4.5.48
• midnight_commander / midnight_commander4.5.49 – 4.5.49
• midnight_commander / midnight_commander4.5.40 – 4.5.40
• midnight_commander / midnight_commander4.5.51 – 4.5.51
• midnight_commander / midnight_commander4.5.52 – 4.5.52
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / linux_advanced_workstation2.1 – 2.1
• RedHat / linux_advanced_workstation2.1 – 2.1
• SUSE / suse_linux8.0 – 8.0
• SUSE / suse_linux8.0 – 8.0
• SUSE / suse_linux8.1 – 8.1
• SUSE / suse_linux8.2 – 8.2
• SUSE / suse_linux9.0 – 9.0
• SUSE / suse_linux9.0 – 9.0
• SUSE / suse_linux9.1 – 9.1
• SUSE / suse_linux9.2 – 9.2
• turbolinux / turbolinux_server7.0 – 7.0
• turbolinux / turbolinux_server8.0 – 8.0
• turbolinux / turbolinux_workstation7.0 – 7.0
• turbolinux / turbolinux_workstation8.0 – 8.0

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18906
• VENDOR_ADVISORYhttp://secunia.com/advisories/13863/
• MISChttp://securitytracker.com/id?1012903
• VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-639
• MISChttp://www.redhat.com/support/errata/RHSA-2005-512.html