Vulnerability in Gentoo Linux
CVE-2004-1175
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
EPSS: 0.016 (73.0th percentile) — read the EPSS interpretation.
Affected products
- Gentoo Linux
- Midnight_commander — versions 4.5.40, 4.5.41, 4.5.42
- Turbolinux Turbolinux_server — versions 7.0, 8.0
- Turbolinux Turbolinux_workstation — versions 7.0, 8.0
- Debian Debian_linux — versions 3.0
- Redhat Enterprise_linux — versions 2.1
- Redhat Linux_advanced_workstation — versions 2.1
- Suse Suse_linux — versions 8.0, 8.1, 8.2
- N/a — versions n/a
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (vendor-advisory, Patch, x_refsource_DEBIAN, Vendor Advisory)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory)