Midnight Commander 4.5.51 directory bug
Vulnerability
 Midnight Commander
Affected
 Midnight Commander 4.5.51
Description
 Michal Zalewski found the following.
 $ od -t x1 mcbug
 0000000 03 14 77 04 0a
 $ mkdir `cat mcbug`
 $ mc
 (try to view this directory: the 'w' (0x77) command will be
 executed; longer commands might be used as well)
 Obviously, this attack requires privileged user interaction.
 Midnight Commander won't display the full name of the directory
 if it's long enough, so these control characters can easily be
 hidden.
 Such problems in Midnight Commander seem to appear more or less
 frequently. We are afraid that this pretty useful file manager
 should not be used on multiuser systems, especially by root.
Solution
 Workaround: well, only a code audit might help.
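
A defensive check for the condition described above, as an added example that is not part of the original advisory or of Midnight Commander: it walks a tree using undecoded byte names, flags any name containing control bytes, and renders it with those bytes escaped so nothing reaches the terminal raw. The function names and the set of bytes treated as control characters (0x00-0x1f and 0x7f) are assumptions of this example.

```python
import os
import tempfile

# Assumed policy for this example: the C0 range and DEL count as control bytes.
CONTROL = set(range(0x20)) | {0x7F}


def has_control_bytes(name: bytes) -> bool:
    """True if a raw file name contains any terminal control byte."""
    return any(b in CONTROL for b in name)


def safe_render(name: bytes) -> str:
    """Show a raw name with control, non-ASCII and backslash bytes as \\xNN."""
    return "".join(
        chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}"
        for b in name
    )


def find_suspicious(root: bytes):
    """Walk root with bytes paths (no decoding); return (parent, escaped name)."""
    hits = []
    for parent, dirs, files in os.walk(root):
        for name in dirs + files:
            if has_control_bytes(name):
                hits.append((parent, safe_render(name)))
    return sorted(hits)


def demo():
    # Constructed sample tree: one benign directory and one named with the
    # bytes from the advisory's od dump. The trailing 0a is left out because
    # the shell's command substitution strips it before mkdir sees the name.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.fsencode(tmp)
        os.mkdir(os.path.join(root, b"projects"))
        os.mkdir(os.path.join(root, bytes([0x03, 0x14, 0x77, 0x04])))
        return [name for _, name in find_suspicious(root)]


if __name__ == "__main__":
    for escaped in demo():
        print("control characters in name:", escaped)
```

Running a scan like this over world-writable or shared directories before browsing them shows the hidden bytes that a truncated file-manager listing would not.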
