| commit | 6bdf50c5a5a30b45df04977e2e9caa83639de765 | |
| author | Slava Zanko <slavazanko@gmail.com> | |
| Fri, 5 Oct 2012 15:14:28 +0000 (5 18:14 +0300) | ||
| committer | Slava Zanko <slavazanko@gmail.com> | |
| Thu, 29 Nov 2012 10:20:47 +0000 (29 13:20 +0300) | ||
| tree | 26391eb6afaa7d8034df315787cde1b6758274f8 | treesnapshot (tar.gz zip) |
| parent | bf475ce339ac9d9722c705e1611289def8901259 | commitdiff |
Ticket #2913: CVE-2012-4463 mc-4.8.5: Does not sanitize MC_EXT_SELECTED variable properly
Paul Hartman reported the following (minor) security flaw into Gentoo's bugzilla:
https://bugs.gentoo.org/show_bug.cgi?id=436518
When multiple files are selected and F3 / Enter key is pressed on some of the files,
MC_EXT_SELECTED variable does not sanitize the whitespace characters properly
(leading into situation when first file is used as the actual value of MC_EXT_SELECTED
variable and the remaining files from the list are used as arguments passed to the
temporary script, created to handle F3 / Enter action on the first file).
A remote attacker could provide a specially-crafted archive and trick the local
Midnight Commander user into expanding and viewing it, which under certain
circumstances could lead to arbitrary code execution with the privileges of
the user running the mc executable.
Signed-off-by: Slava Zanko <slavazanko@gmail.com>
Paul Hartman reported the following (minor) security flaw into Gentoo's bugzilla:
https://bugs.gentoo.org/show_bug.cgi?id=436518
When multiple files are selected and F3 / Enter key is pressed on some of the files,
MC_EXT_SELECTED variable does not sanitize the whitespace characters properly
(leading into situation when first file is used as the actual value of MC_EXT_SELECTED
variable and the remaining files from the list are used as arguments passed to the
temporary script, created to handle F3 / Enter action on the first file).
A remote attacker could provide a specially-crafted archive and trick the local
Midnight Commander user into expanding and viewing it, which under certain
circumstances could lead to arbitrary code execution with the privileges of
the user running the mc executable.
Signed-off-by: Slava Zanko <slavazanko@gmail.com>
| tests/src/filemanager/Makefile.am | diffblobblamehistory | |
| tests/src/filemanager/exec_get_export_variables_ext.c | [new file with mode: 0644] | blob |