Date: Wed, 03 Oct 2012 10:16:55 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files

On 10/03/2012 09:36 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> based on https://bugs.gentoo.org/show_bug.cgi?id=436518:
>
> A security flaw was found in the way Midnight Commander, a
> user-friendly text console file manager and visual shell, performed
> sanitization of MC_EXT_SELECTED environment variable when multiple
> files were selected (first selected file was used as actual content
> of the MC_EXT_SELECTED variable, while the remaining files were
> provided as arguments to the temporary script, handling the F3 /
> Enter key press event). A remote attacker could provide a
> specially-crafted archive that, when expanded and previewed by the
> victim could lead to arbitrary code execution with the privileges
> of the user running mc executable.
>
> References: https://bugs.gentoo.org/show_bug.cgi?id=436518
>
> Upstream ticket:
> https://www.midnight-commander.org/ticket/2913
>
> I need to confess this one is a bit on the border (the attack to
> succeed the victim would need to perform couple of steps), but
> basically the scenario is possible.
>
> Could you allocate a CVE id for this one?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>

Please use CVE-2012-4463 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993