CVE-2000-1108
NONE EPSS 35.2%
Published Jan 9, 200125y ago · Modified Jun 16, 20262w ago
Published Jan 9, 2001 25y ago
Last Modified Jun 16, 2026 2w ago
Description
cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.
Threat Intelligence
EPSS Exploit Probability
35.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| midnight_commander | midnight_commander | 4.5.42 | any |
References 5
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2000-11/0192.html
- debian.org http://www.debian.org/security/2000/20001125
- linux-mandrake.com http://www.linux-mandrake.com/en/security/MDKSA-2000-078.php3
- securityfocus.com http://www.securityfocus.com/bid/1945
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/5519
Remediation
- debian.org http://www.debian.org/security/2000/20001125
- securityfocus.com http://www.securityfocus.com/bid/1945