PT-2005-1069
Published: 2005-01-22
Updated: 2022-01-19
CVE-2004-1175
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
midnight commander versions 4.5.51
mc versions 4.5.51
mcserv versions 4.5.51
gmc versions 4.5.51
Description
The issue allows remote attackers to execute arbitrary programs, potentially using shell metacharacters, due to insecure filename quoting in fish.c. This can lead to a violation of the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely.
Recommendations
For midnight commander version 4.5.51, consider disabling the vulnerable fish.c component until a patch is available.
For mc version 4.5.51, restrict access to the vulnerable module to minimize the risk of exploitation.
For mcserv version 4.5.51, avoid using potentially insecure filename quoting in the affected API endpoints until the issue is resolved.
For gmc version 4.5.51, as a temporary workaround, consider restricting the use of the vulnerable package to minimize the risk of exploitation.
Affected Products
Alt Linux
Midnight Commander
Gmc
Mc
Mcserv