Vulnerabilities > CVE-2000-1108 - Unspecified vulnerability in Midnight Commander Midnight Commander 4.5.42

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.

Vulnerable Configurations

Part Description Count
Application
Midnight_Commander
1

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2000-078.NASL
descriptionA problem was found in the cons.saver program by Maurycy Prodeus. The cons.saver program is a screensaver for the console that is included in the mc package. cons.saver does not check if it is started with a valid stdout, which combined with a bug in its check to see if its argument is a tty (it forgets to close the file-descriptor after opening the supposed tty), causes it to write a NULL character to the file given as its parameter.
last seen2020-06-01
modified2020-06-02
plugin id61864
published2012-09-06
reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/61864
titleMandrake Linux Security Advisory : mc (MDKSA-2000:078)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2000:078. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(61864);
  script_version("1.5");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2000-1108");
  script_xref(name:"MDKSA", value:"2000:078");

  script_name(english:"Mandrake Linux Security Advisory : mc (MDKSA-2000:078)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A problem was found in the cons.saver program by Maurycy Prodeus. The
cons.saver program is a screensaver for the console that is included
in the mc package. cons.saver does not check if it is started with a
valid stdout, which combined with a bug in its check to see if its
argument is a tty (it forgets to close the file-descriptor after
opening the supposed tty), causes it to write a NULL character to the
file given as its parameter."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected gmc, mc and / or mcserv packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gmc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mcserv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2000/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"gmc-4.5.31-14.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"mc-4.5.31-14.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"mcserv-4.5.31-14.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"gmc-4.5.38-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"mc-4.5.38-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"mcserv-4.5.38-4.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"gmc-4.5.42-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"mc-4.5.42-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"mcserv-4.5.42-4.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"gmc-4.5.46-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"mc-4.5.46-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"mcserv-4.5.46-1.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"gmc-4.5.51-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"mc-4.5.51-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"mcserv-4.5.51-7.1mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");