First published: Tue Jan 09 2001(Updated: )
cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Midnight Commander Midnight Commander | =4.5.42 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.