Vulnerability CVE-2004-0226 - CERT Civis.Net

Vulnerability Name:

CVE-2004-0226 (CCN-16016)

Assigned:

2004-04-30

Published:

2004-04-30

Updated:

2017-07-11

Summary:

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2004-0226

Source: CCN
Type: RHSA-2004-172
mc security update

Source: CCN
Type: RHSA-2004-173
Updated mc packages resolve several vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200405-21

Source: DEBIAN
Type: UNKNOWN
DSA-497

Source: DEBIAN
Type: DSA-497
mc -- several vulnerabilities

Source: CCN
Type: GLSA-200405-21
Midnight Commander: Multiple vulnerabilities

Source: CCN
Type: Midnight Commander Web site
GNU Midnight Commander File Manager

Source: CCN
Type: GLSA 200405-21
Midnight Commander: Multiple vulnerabilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:039

Source: SUSE
Type: UNKNOWN
SuSE-SA:2004:012

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:172

Source: CCN
Type: BID-10242
Midnight Commander Multiple Unspecified Vulnerabilities

Source: XF
Type: UNKNOWN
midnight-commander-local-privileges(16016)

Source: XF
Type: UNKNOWN
midnight-commander-local-privileges(16016)

Source: SUSE
Type: SUSE-SA:2004:012
mc: local privilege escalation

Vulnerable Configuration:

Configuration 1:

cpe:/a:midnight_commander:midnight_commander:4.5.40:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.41:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.42:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.43:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.44:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.45:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.46:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.47:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.48:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.49:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.50:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.51:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.52:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.5.55:*:*:*:*:*:*:*

OR cpe:/a:midnight_commander:midnight_commander:4.6:*:*:*:*:*:*:*

OR cpe:/a:sgi:propack:2.3:*:*:*:*:*:*:*

OR cpe:/a:sgi:propack:2.4:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:gentoo:linux:0.5:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:0.7:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:1.1a:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:1.2:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:1.4:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:1.4:rc1:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:1.4:rc2:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:1.4:rc3:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:*:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20040226	V	CVE-2004-0226	2015-11-16
oval:org.debian:def:497	V	several vulnerabilities	2004-04-29