CVE-2021-36370
https://notcve.org/view.php?id=CVE-2021-36370
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. Se ha detectado un problema en Midnight Commander versiones hasta 4.8.26. Cuando se establece una conexión SFTP, la huella digital del servidor no se comprueba ni se muestra. • https://docs.ssh-mitm.at/CVE-2021-36370.html https://github.com/MidnightCommander/mc/blob/5c1d3c55dd15356ec7d079084d904b7b0fd58d3e/src/vfs/sftpfs/connection.c#L484 https://github.com/MidnightCommander/mc/blob/master/src/vfs/sftpfs/connection.c https://mail.gnome.org/archives/mc-devel/2021-August/msg00008.html https://midnight-commander.org https://sourceforge.net/projects/mcwin32/files • CWE-287: Improper Authentication •
CVE-2005-0763
https://notcve.org/view.php?id=CVE-2005-0763
Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. • http://www.debian.org/security/2005/dsa-698 http://www.redhat.com/support/errata/RHSA-2005-512.html https://access.redhat.com/security/cve/CVE-2005-0763 https://bugzilla.redhat.com/show_bug.cgi?id=1617578 •
CVE-1999-1337
https://notcve.org/view.php?id=CVE-1999-1337
FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges. • http://marc.info/?l=bugtraq&m=93370073207984&w=2 http://www.iss.net/security_center/static/9873.php http://www.osvdb.org/5921 •
CVE-1999-0480
https://notcve.org/view.php?id=CVE-1999-0480
Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0480 •