安全研究
安全漏洞
Midnight Commander多个未明安全漏洞
发布日期:2004-04-30
更新日期:2004-05-08
受影响系统:
Midnight Commander Midnight Commander 4.6描述:
Midnight Commander Midnight Commander 4.5.52
Midnight Commander Midnight Commander 4.5.51
Midnight Commander Midnight Commander 4.5.50
Midnight Commander Midnight Commander 4.5.49
Midnight Commander Midnight Commander 4.5.48
Midnight Commander Midnight Commander 4.5.47
Midnight Commander Midnight Commander 4.5.46
Midnight Commander Midnight Commander 4.5.45
Midnight Commander Midnight Commander 4.5.44
Midnight Commander Midnight Commander 4.5.43
Midnight Commander Midnight Commander 4.5.42
Midnight Commander Midnight Commander 4.5.41
Midnight Commander Midnight Commander 4.5.40
Midnight Commander Midnight Commander 4.5.55
- Conectiva Linux 9.0
- Conectiva Linux 8.0
- Debian Linux 3.0
- Mandrake Linux 9.2
- Mandrake Linux 9.1
- Mandrake Linux 9.0
- RedHat Enterprise Linux WS 3
- RedHat Enterprise Linux WS 2.1
- RedHat Enterprise Linux ES 3
- RedHat Enterprise Linux ES 2.1
- RedHat Enterprise Linux AS 3
- RedHat Enterprise Linux AS 2.1
BUGTRAQ ID: 10242
CVE(CAN) ID: CVE-2004-0226,CVE-2004-0231,CVE-2004-0232
Midnight Commander是一款强大的GNU/LINUX系统的文件管理器。
Midnight Commander存在多个未明漏洞,远程攻击者可以利用这些漏洞进行缓冲区溢出,进行符号连接攻击及拒绝服务等攻击。
Midnight Commander存在缓冲区溢出,不安全建立文件和目录及格式串问题,目前没有详细漏洞细节提供。
<*来源:Jacub Jelinek
链接:http://www.debian.org/security/2004/dsa-497
https://www.redhat.com/support/errata/RHSA-2004-173.html
http://www.linux-mandrake.com/en/security/2004/2004-039.php
*>
建议:
厂商补丁:
Debian
------
http://www.debian.org/security/2004/dsa-497
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:039)以及相应补丁:
MDKSA-2004:039:Updated mc packages fix vulnerabilities
链接:http://www.linux-mandrake.com/en/security/2004/2004-039.php
补丁下载:
Updated Packages:
Mandrakelinux 10.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/mc-4.6.0-6.1.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/mc-4.6.0-6.1.100mdk.src.rpm
Corporate Server 2.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/mc-4.6.0-4.2.C21mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/mc-4.6.0-4.2.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/mc-4.6.0-4.2.C21mdk.x86_64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/SRPMS/mc-4.6.0-4.2.C21mdk.src.rpm
Mandrakelinux 9.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/mc-4.6.0-4.2.91mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/mc-4.6.0-4.2.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/mc-4.6.0-4.2.91mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/mc-4.6.0-4.2.91mdk.src.rpm
Mandrakelinux 9.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/mc-4.6.0-4.2.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/mc-4.6.0-4.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/mc-4.6.0-4.2.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/mc-4.6.0-4.2.92mdk.src.rpm
上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2004:173-00)以及相应补丁:
RHSA-2004:173-00:Updated mc packages resolve several vulnerabilities
链接:https://www.redhat.com/support/errata/RHSA-2004-173.html
补丁下载:
Fedora Upgrade mc-4.6.0-14.10.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/mc-4.6.0-14.10.i386.rpm
Fedora Upgrade mc-debuginfo-4.6.0-14.10.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/debug/mc-debuginfo-4.6.0-14.10.i386.rpm
Fedora Upgrade mc-4.6.0-14.10.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_64/mc-4.6.0-14.10.x86_64.rpm
Fedora Upgrade mc-debuginfo-4.6.0-14.10.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_64/debug/mc-debuginfo-4.6.0-14.10.x86_64.rpm
浏览次数:3558
严重程度:0(网友投票)
绿盟科技给您安全的保障