Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.1
CVE Id: CVE-2012-4463
Last Modified: 30 Jan 2013 12:00:00
Published: 10 Oct 2012 02:55:04
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2012-4463

Summary

Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.

Vulnerable Systems

Application

  • Midnight-commander Midnight Commander 4.8.5


References

MISC - https://www.midnight-commander.org/ticket/2913

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=862813

MISC - https://bugs.gentoo.org/show_bug.cgi?id=436518#c7

XF - midnight-commander-code-exec(79033)

BID - 55777

MLIST - [oss-security] 20121003 Re: CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files

MLIST - [oss-security] 20121003 CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files


Last Updated: 27 May 2016 11:00:56