New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.8
Synopsis
The remote Debian host is missing a security-related update.
Description
Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities :
- CAN-2004-1004 Multiple format string vulnerabilities
- CAN-2004-1005
Multiple buffer overflows
- CAN-2004-1009
One infinite loop vulnerability
- CAN-2004-1090
Denial of service via corrupted section header
- CAN-2004-1091
Denial of service via null dereference
- CAN-2004-1092
Freeing unallocated memory
- CAN-2004-1093
Denial of service via use of already freed memory
- CAN-2004-1174
Denial of service via manipulating non-existing file handles
- CAN-2004-1175
Unintended program execution via insecure filename quoting
- CAN-2004-1176
Denial of service via a buffer underflow
Solution
Upgrade the mc package.
For the stable distribution (woody) these problems have been fixed in version 4.5.55-1.2woody5.