CVE-2012-4463
Gentoo Linux Security Advisory 201402-18
Public Exploits: 0
Exploited in Wild: -
Descriptions
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.
GNU Midnight Commander does not properly sanitize environment variables, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 4.8.7 are affected.
Timeline
- 2012-08-21 CVE Reserved
- 2012-10-10 CVE Published
- 2023-08-31 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-20: Improper Input Validation
References (7)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/10/03/4 | Mailing List | |
http://www.openwall.com/lists/oss-security/2012/10/03/5 | Mailing List | |
http://www.securityfocus.com/bid/55777 | Vdb Entry | |
https://bugs.gentoo.org/show_bug.cgi?id=436518#c7 | X_refsource_misc | |
https://bugzilla.redhat.com/show_bug.cgi?id=862813 | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/79033 | Vdb Entry | |
https://www.midnight-commander.org/ticket/2913 | X_refsource_misc | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Midnight-commander | Midnight Commander | 4.8.5 | - | Affected |