Date: Wed, 3 Oct 2012 11:36:30 -0400 (EDT) From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> Cc: oss-security@...ts.openwall.com Subject: CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files Hello Kurt, Steve, vendors, based on https://bugs.gentoo.org/show_bug.cgi?id=436518: A security flaw was found in the way Midnight Commander, a user-friendly text console file manager and visual shell, performed sanitization of MC_EXT_SELECTED environment variable when multiple files were selected (first selected file was used as actual content of the MC_EXT_SELECTED variable, while the remaining files were provided as arguments to the temporary script, handling the F3 / Enter key press event). A remote attacker could provide a specially-crafted archive that, when expanded and previewed by the victim could lead to arbitrary code execution with the privileges of the user running mc executable. References:  https://bugs.gentoo.org/show_bug.cgi?id=436518 Upstream ticket:  https://www.midnight-commander.org/ticket/2913 I need to confess this one is a bit on the border (the attack to succeed the victim would need to perform couple of steps), but basically the scenario is possible. Could you allocate a CVE id for this one? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ