mirror of
https://github.com/MidnightCommander/mc
synced 2024-12-22 20:36:50 +03:00
6bdf50c5a5
Paul Hartman reported the following (minor) security flaw to Gentoo's Bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=436518

When multiple files are selected and the F3 / Enter key is pressed on some of the files, the MC_EXT_SELECTED variable does not sanitize the whitespace characters properly (leading to a situation where the first file is used as the actual value of the MC_EXT_SELECTED variable and the remaining files from the list are used as arguments passed to the temporary script, created to handle the F3 / Enter action on the first file).

A remote attacker could provide a specially-crafted archive and trick the local Midnight Commander user into expanding and viewing it, which under certain circumstances could lead to arbitrary code execution with the privileges of the user running the mc executable.

Signed-off-by: Slava Zanko <slavazanko@gmail.com>

- lib
- src
- Makefile.am