CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

Published: Apr 14, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-1175
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
midnight_commander / midnight_commander	4.5.48	4.5.48.x
midnight_commander / midnight_commander	4.5.40	4.5.40.x
midnight_commander / midnight_commander	4.5.43	4.5.43.x
midnight_commander / midnight_commander	4.5.50	4.5.50.x
midnight_commander / midnight_commander	4.5.49	4.5.49.x
midnight_commander / midnight_commander	4.5.52	4.5.52.x
midnight_commander / midnight_commander	4.5.42	4.5.42.x
midnight_commander / midnight_commander	4.5.45	4.5.45.x
midnight_commander / midnight_commander	4.5.55	4.5.55.x
midnight_commander / midnight_commander	4.5.44	4.5.44.x
midnight_commander / midnight_commander	4.5.41	4.5.41.x
midnight_commander / midnight_commander	4.5.46	4.5.46.x
midnight_commander / midnight_commander	4.5.47	4.5.47.x
midnight_commander / midnight_commander	4.5.51	4.5.51.x
midnight_commander / midnight_commander	4.5.54	4.5.54.x
midnight_commander / midnight_commander	4.6	4.6.x
redhat / enterprise_linux	2.1	2.1.x
suse / suse_linux	9.2	9.2.x
debian / debian_linux	3.0	3.0.x
suse / suse_linux	9.0	9.0.x
redhat / linux_advanced_workstation	2.1	2.1.x
suse / suse_linux	8.2	8.2.x
turbolinux / turbolinux_server	7.0	7.0.x
suse / suse_linux	8.0	8.0.x
turbolinux / turbolinux_workstation	7.0	7.0.x
suse / suse_linux	9.1	9.1.x
turbolinux / turbolinux_workstation	8.0	8.0.x
turbolinux / turbolinux_server	8.0	8.0.x
gentoo / linux	-	-
suse / suse_linux	8.1	8.1.x

Vulnerability Database

289,599

CVE-2004-1175