PT-2005-1066 · Unknown+3 · Midnight Commander+2

Andrew V. Samoilov

Published

2005-01-22

Updated

2022-01-19

CVE-2004-1091

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Midnight Commander versions 4.5.55 and earlier mc versions 4.5.51 and earlier

Description The issue allows remote attackers to cause a denial of service by triggering a null dereference, potentially leading to disruption of confidentiality, integrity, and availability of protected information. Exploitation of the vulnerabilities can be carried out remotely.

Recommendations For Midnight Commander versions 4.5.55 and earlier, consider updating to a version later than 4.5.55 to resolve the issue. For mc versions 4.5.51 and earlier, consider updating to a version later than 4.5.51 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable Midnight Commander and mc packages until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2022-1068

ALT-PU-2022-1089

BDU:2015-06202

BDU:2015-06415

BDU:2015-06416

CVE-2004-1091

DSA-639-1

Affected Products

Alt Linux

Midnight Commander

PT-2005-1066 · Unknown+3 · Midnight Commander+2

CVE-2004-1091

Related Identifiers

Affected Products

References · 42