Debian: 'mc' vulnerability

    Date07 Mar 2001
    CategoryDebian
    2394
    Posted ByLinuxSecurity Advisories
    It has been reported that a local user could tweak Midnight Commander of another user into executing a random program under the user id of the person running Midnight Commander.
    
    ----------------------------------------------------------------------------
    Debian Security Advisory DSA-036-1                       This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                               Martin Schulze
    March 7, 2001
    ----------------------------------------------------------------------------
    
    Package        : mc
    Vulnerability  : random program execution
    Type           : local
    Debian-specific: no
    Fixed version  : 4.5.42-11.potato.6
    
    It has been reported that a local user could tweak Midnight Commander
    of another user into executing a random program under the user id of
    the person running Midnight Commander.  This behaviour has been fixed
    by Andrew V. Samoilov.
    
    We recommend you upgrade your mc package.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ------------------------------------
    
      Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
      architectures.
    
    
      Source archives:
    
         http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.6.diff.gz
          MD5 checksum: bd8823e83ef37ada13ad7fc4ca3479c8
         http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.6.dsc
          MD5 checksum: c0e84f877cc4b4da15269811f1a538b4
         http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42.orig.tar.gz
          MD5 checksum: 0d2e63dd4b0c0a3d4d6c5933187ba222
    
      Intel ia32 architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-i386/gmc_4.5.42-11.potato.6_i386.deb
          MD5 checksum: 2d2eb51e9ae833b605fc54711cd229fc
         http://security.debian.org/dists/stable/updates/main/binary-i386/mc-common_4.5.42-11.potato.6_i386.deb
          MD5 checksum: 45d65de62f5d7af29cf2ef3b9ab56fd8
         http://security.debian.org/dists/stable/updates/main/binary-i386/mc_4.5.42-11.potato.6_i386.deb
          MD5 checksum: c58a97f08556e18b6d7f4ff657aa62b0
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-m68k/gmc_4.5.42-11.potato.6_m68k.deb
          MD5 checksum: 081bbbf191842c7d404fd3e62afa0f7a
         http://security.debian.org/dists/stable/updates/main/binary-m68k/mc-common_4.5.42-11.potato.6_m68k.deb
          MD5 checksum: 861d25b2ef64d7d6adaa4e3a43813ac6
         http://security.debian.org/dists/stable/updates/main/binary-m68k/mc_4.5.42-11.potato.6_m68k.deb
          MD5 checksum: 574ef9ba296219900dc03463395c5171
    
      Sun Sparc architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-sparc/gmc_4.5.42-11.potato.6_sparc.deb
          MD5 checksum: b435261f1f200c7058df7f400927453a
         http://security.debian.org/dists/stable/updates/main/binary-sparc/mc-common_4.5.42-11.potato.6_sparc.deb
          MD5 checksum: 71809b28c58361a6864985d3ce4e3e63
         http://security.debian.org/dists/stable/updates/main/binary-sparc/mc_4.5.42-11.potato.6_sparc.deb
          MD5 checksum: b1e4af8190f56d0548ca4bdff0136fbf
    
      Alpha architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-alpha/gmc_4.5.42-11.potato.6_alpha.deb
          MD5 checksum: 7aa3bfac0ebf2e6c0cde6dc135d034e5
         http://security.debian.org/dists/stable/updates/main/binary-alpha/mc-common_4.5.42-11.potato.6_alpha.deb
          MD5 checksum: d97fffed31c62ef9d57a7887f89d8bb9
         http://security.debian.org/dists/stable/updates/main/binary-alpha/mc_4.5.42-11.potato.6_alpha.deb
          MD5 checksum: 3afa82d8e80787dc981d0b4e38ecd848
    
      PowerPC architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/gmc_4.5.42-11.potato.6_powerpc.deb
          MD5 checksum: 32d8962f6bcb84b1ac85888a814e3030
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/mc-common_4.5.42-11.potato.6_powerpc.deb
          MD5 checksum: 7c73edf0a6eb656b61688a636f8bd9de
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/mc_4.5.42-11.potato.6_powerpc.deb
          MD5 checksum: c2a93b28fe53d9fb8f795382b5714b6c
    
      ARM architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-arm/mc_4.5.42-11.potato.6_arm.deb
          MD5 checksum: 768f61217a7d020855b6b459c48abd45
         http://security.debian.org/dists/stable/updates/main/binary-arm/gmc_4.5.42-11.potato.6_arm.deb
          MD5 checksum: 051f01146c5053964039cf04b87365a1
         http://security.debian.org/dists/stable/updates/main/binary-arm/mc-common_4.5.42-11.potato.6_arm.deb
          MD5 checksum: 023a2ee7f0915319fd33d9e5008533ec
    
    
      These files will be moved into
       ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    ----------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.