Description
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
Product(s):
- Midnight Commander 4.5.40
- Midnight Commander 4.5.41
- Midnight Commander 4.5.42
- Midnight Commander 4.5.43
- Midnight Commander 4.5.44
- Midnight Commander 4.5.45
- Midnight Commander 4.5.46
- Midnight Commander 4.5.47
- Midnight Commander 4.5.48
- Midnight Commander 4.5.49
- Midnight Commander 4.5.50
- Midnight Commander 4.5.51
- Midnight Commander 4.5.52
- Midnight Commander 4.5.54
- Midnight Commander 4.5.55
- Midnight Commander 4.6
- Debian Debian Linux 3.0
- Debian Linux 3.0 on Alpha
- Debian Linux 3.0 on ARM
- Debian Linux 3.0 on HPPA
- Debian Linux 3.0 on IA-32
- Debian Linux 3.0 on IA-64
- Debian Linux 3.0 on M68k
- Debian Linux 3.0 on MIPS
- Debian Linux 3.0 on MIPSEL
- Debian Linux 3.0 on PPC
- Debian Linux 3.0 on S/390
- Debian Linux 3.0 on SPARC
- Gentoo Linux
- Gentoo Linux 1.2
- Gentoo Linux 1.4
- Gentoo Linux 1.4 -
- Gentoo Linux 1.4 rc1
- Gentoo Linux 1.4 rc2
- Gentoo Linux 1.4 rc3
- Gentoo Linux 2.1.30 r9
- Gentoo Linux 2.2.28 r7
- Gentoo Linux 2.3.30 r2
- Red Hat Enterprise Linux 2.1 Advanced Server
- Red Hat Enterprise Linux 2.1 Advanced Server IA64
- Red Hat Enterprise Linux 2.1 Workstation
- Red Hat Enterprise Linux 2.1 Workstation IA64
- Red Hat Linux Advanced Workstation 2.1 on IA64
- Red Hat Linux Advanced Workstation 2.1 on Itanium Processor
- SuSE SuSE Linux 8.0
- SUSE Linux 8.0 on i386
- SuSE SuSE Linux 8.0 alpha
- SuSE SuSE Linux 8.1
- SuSE SuSE Linux 8.2
- SuSE SuSE Linux 9.0
- Suse Suse Linux 9.0 Enterprise Server Edition
- SUSE Linux 9.0 x86_64
- SuSE SuSE Linux 9.1
- SuSE SuSE Linux 9.2
- Turbolinux Server 7.0
- Turbolinux Server 8.0
- Turbolinux Workstation 7.0
- Turbolinux Workstation 8.0
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1175, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1175 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.