Vulnerability

    Midnight Commander

Affected

    Midnight Commander 4.5.51

Description

    Michal Zalewski found the following.

        $ od -t x1 mcbug
        0000000 03 14 77 04 0a
        $ mkdir `cat mcbug`
        $ mc

    (try to view this directory - 'w' - 0x77 command will be executed;
    longer commands might be used, as well)

    Obviously, this attack requires privileged user interaction.
    Midnight Commander won't display the full name of the directory if
    it's long enough, so these control characters can be easily hidden.
    Such problems in Midnight Commander seem to appear more or less
    frequently. We are afraid that this pretty useful file manager
    should not be used in multiuser systems, especially by root.

Solution

    Workaround: well, only a code audit might help.
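A defender-side check for the condition described above, as an added example that is not part of the original advisory: it walks a tree using raw byte paths, reports entries whose names contain control bytes, and renders them escaped so nothing reaches the terminal unfiltered. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Bytes a terminal may interpret instead of display: C0 controls and DEL.
CONTROL_BYTES = frozenset(range(0x20)) | {0x7F}


def control_offsets(name):
    """Return the offsets of control bytes inside a raw (bytes) file name."""
    return [i for i, b in enumerate(name) if b in CONTROL_BYTES]


def escape_name(name):
    """Render a raw name as printable ASCII; controls, 8-bit bytes and
    backslash become \\xNN so the output is unambiguous and inert."""
    return "".join(
        f"\\x{b:02x}" if b in CONTROL_BYTES or b >= 0x80 or b == 0x5C else chr(b)
        for b in name
    )


def scan_tree(root):
    """Walk root (bytes path) and return sorted (parent, name) pairs, both
    escaped, for every entry whose name contains a control byte."""
    findings = []
    for parent, dirs, files in os.walk(root):
        for name in dirs + files:
            if control_offsets(name):
                findings.append((escape_name(parent), escape_name(name)))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree and return the flagged names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.fsencode(tmp)
        # Constructed sample: the bytes from the od dump in the advisory,
        # without the trailing 0x0a that command substitution strips.
        os.mkdir(os.path.join(root, bytes.fromhex("03147704")))
        os.mkdir(os.path.join(root, b"plain-dir"))
        return [name for _parent, name in scan_tree(root)]


if __name__ == "__main__":
    for flagged in demo():
        print(flagged)
```

Running scan_tree over shared directories before browsing them interactively, for example from a scheduled job, surfaces such names without any terminal or file manager interpreting them.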