Midnight Commander Directory Viewing Command Execution Vulnerability

Midnight Commander is a popular file management tool for unix systems. Among many other features, Midnight Commander allows users to traverse their filesystem using a menu-style console interface. There exists a vulnerability in the way Midnight Commander handles directories that may allow for arbitrary commands to be executed when maliciously created directories are opened.

Attackers can embed commands into directory names after certain byte values (0x03 and 0x14) that will be executed when a user running Midnight Commander opens them. Because Midnight Commander doesn't list entire directory names in the filesystem window if they are long, this sequence of characters (nonprintable) and the commands can be hidden from the user if enough printable/normal looking characters preceed them.

This vulnerability requires direct user interaction (user must open the malicious directory with Midnight commander) to be exploited.

If exploited, this vulnerability can result in an elevation of privileges for the attacker.


 

Privacy Statement
Copyright 2010, SecurityFocus