LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 18th, 2014
Linux Advisory Watch: July 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: 'mc' vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian It has been reported that a local user could tweak Midnight Commander of another user into executing a random program under the user id of the person running Midnight Commander.

----------------------------------------------------------------------------
Debian Security Advisory DSA-036-1                       security@debian.org 
http://www.debian.org/security/                               Martin Schulze
March 7, 2001
----------------------------------------------------------------------------

Package        : mc
Vulnerability  : random program execution
Type           : local
Debian-specific: no
Fixed version  : 4.5.42-11.potato.6

It has been reported that a local user could tweak Midnight Commander
of another user into executing a random program under the user id of
the person running Midnight Commander.  This behaviour has been fixed
by Andrew V. Samoilov.

We recommend you upgrade your mc package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
------------------------------------

  Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
  architectures.


  Source archives:

     http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.6.diff.gz
      MD5 checksum: bd8823e83ef37ada13ad7fc4ca3479c8
     http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.6.dsc
      MD5 checksum: c0e84f877cc4b4da15269811f1a538b4
     http://security.debian.org/dists/stable/updates/main/source/mc_4.5.42.orig.tar.gz
      MD5 checksum: 0d2e63dd4b0c0a3d4d6c5933187ba222

  Intel ia32 architecture:

     http://security.debian.org/dists/stable/updates/main/binary-i386/gmc_4.5.42-11.potato.6_i386.deb
      MD5 checksum: 2d2eb51e9ae833b605fc54711cd229fc
     http://security.debian.org/dists/stable/updates/main/binary-i386/mc-common_4.5.42-11.potato.6_i386.deb
      MD5 checksum: 45d65de62f5d7af29cf2ef3b9ab56fd8
     http://security.debian.org/dists/stable/updates/main/binary-i386/mc_4.5.42-11.potato.6_i386.deb
      MD5 checksum: c58a97f08556e18b6d7f4ff657aa62b0

  Motorola 680x0 architecture:

     http://security.debian.org/dists/stable/updates/main/binary-m68k/gmc_4.5.42-11.potato.6_m68k.deb
      MD5 checksum: 081bbbf191842c7d404fd3e62afa0f7a
     http://security.debian.org/dists/stable/updates/main/binary-m68k/mc-common_4.5.42-11.potato.6_m68k.deb
      MD5 checksum: 861d25b2ef64d7d6adaa4e3a43813ac6
     http://security.debian.org/dists/stable/updates/main/binary-m68k/mc_4.5.42-11.potato.6_m68k.deb
      MD5 checksum: 574ef9ba296219900dc03463395c5171

  Sun Sparc architecture:

     http://security.debian.org/dists/stable/updates/main/binary-sparc/gmc_4.5.42-11.potato.6_sparc.deb
      MD5 checksum: b435261f1f200c7058df7f400927453a
     http://security.debian.org/dists/stable/updates/main/binary-sparc/mc-common_4.5.42-11.potato.6_sparc.deb
      MD5 checksum: 71809b28c58361a6864985d3ce4e3e63
     http://security.debian.org/dists/stable/updates/main/binary-sparc/mc_4.5.42-11.potato.6_sparc.deb
      MD5 checksum: b1e4af8190f56d0548ca4bdff0136fbf

  Alpha architecture:

     http://security.debian.org/dists/stable/updates/main/binary-alpha/gmc_4.5.42-11.potato.6_alpha.deb
      MD5 checksum: 7aa3bfac0ebf2e6c0cde6dc135d034e5
     http://security.debian.org/dists/stable/updates/main/binary-alpha/mc-common_4.5.42-11.potato.6_alpha.deb
      MD5 checksum: d97fffed31c62ef9d57a7887f89d8bb9
     http://security.debian.org/dists/stable/updates/main/binary-alpha/mc_4.5.42-11.potato.6_alpha.deb
      MD5 checksum: 3afa82d8e80787dc981d0b4e38ecd848

  PowerPC architecture:

     http://security.debian.org/dists/stable/updates/main/binary-powerpc/gmc_4.5.42-11.potato.6_powerpc.deb
      MD5 checksum: 32d8962f6bcb84b1ac85888a814e3030
     http://security.debian.org/dists/stable/updates/main/binary-powerpc/mc-common_4.5.42-11.potato.6_powerpc.deb
      MD5 checksum: 7c73edf0a6eb656b61688a636f8bd9de
     http://security.debian.org/dists/stable/updates/main/binary-powerpc/mc_4.5.42-11.potato.6_powerpc.deb
      MD5 checksum: c2a93b28fe53d9fb8f795382b5714b6c

  ARM architecture:

     http://security.debian.org/dists/stable/updates/main/binary-arm/mc_4.5.42-11.potato.6_arm.deb
      MD5 checksum: 768f61217a7d020855b6b459c48abd45
     http://security.debian.org/dists/stable/updates/main/binary-arm/gmc_4.5.42-11.potato.6_arm.deb
      MD5 checksum: 051f01146c5053964039cf04b87365a1
     http://security.debian.org/dists/stable/updates/main/binary-arm/mc-common_4.5.42-11.potato.6_arm.deb
      MD5 checksum: 023a2ee7f0915319fd33d9e5008533ec


  These files will be moved into
   ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

----------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Home router security holes to be exposed at Def Con 22 hacker meet up
Edward Snowden Calls on Hackers to Help Whistleblowers Leak More Secrets
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.