QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4463

Published: Oct 10, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20121003 Re: CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files

mailing-list

x_refsource_MLIST

https://www.midnight-commander.org/ticket/2913

x_refsource_MISC

https://bugs.gentoo.org/show_bug.cgi?id=436518#c7

x_refsource_MISC

[oss-security] 20121003 CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=862813

x_refsource_MISC

vdb-entry

x_refsource_BID

midnight-commander-code-exec(79033)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.