Vulnerability Details CVE-2000-1109
Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.8%
CVSS Severity
CVSS v2 Score 4.6
References
- http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html
- http://www.debian.org/security/2001/dsa-036
- http://www.novell.com/linux/security/advisories/2001_011_mc.html
- http://www.securityfocus.com/bid/2016
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5929
- http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html
- http://www.debian.org/security/2001/dsa-036
- http://www.novell.com/linux/security/advisories/2001_011_mc.html
- http://www.securityfocus.com/bid/2016
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5929
Products affected by CVE-2000-1109
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.40
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.41
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.42
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.43
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.44
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.45
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.46
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.47
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.48
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.49
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.50
-
cpe:2.3:a:midnight_commander:midnight_commander:4.5.51