CVE-2004-1174
published 2005-04-14CVE-2004-1174: direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
PriorityP412medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
1.43%
69.7th percentile
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | mc | < mc 1:4.6.0-4.6.1-pre3-1 (bookworm) | mc 1:4.6.0-4.6.1-pre3-1 (bookworm) |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| midnight_commander | midnight_commander | — | — |
| redhat | enterprise_linux | — | — |
| redhat | linux_advanced_workstation | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mw98-rx4c-7jrv: direntry
ghsa_unreviewed·2022-04-29
CVE-2004-1174 [MEDIUM] GHSA-mw98-rx4c-7jrv: direntry
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
OSV
CVE-2004-1174: direntry
osv·2005-04-14·CVSS 5.0
CVE-2004-1174 [MEDIUM] CVE-2004-1174: direntry
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
Red Hat
security flaw
vendor_redhat·2005-01-14·CVSS 5.0
CVE-2004-1174 [MEDIUM] security flaw
security flaw
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
Debian
CVE-2004-1174: mc - direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cau...
vendor_debian·2004·CVSS 5.0
CVE-2004-1174 [MEDIUM] CVE-2004-1174: mc - direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cau...
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
Scope: local
bookworm: resolved (fixed in 1:4.6.0-4.6.1-pre3-1)
bullseye: resolved (fixed in 1:4.6.0-4.6.1-pre3-1)
forky: resolved (fixed in 1:4.6.0-4.6.1-pre3-1)
sid: resolved (fixed in 1:4.6.0-4.6.1-pre3-1)
trixie: resolved (fixed in 1:4.6.0-4.6.1-pre3-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-1174 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2004-1174 [MEDIUM] CVE-2004-1174 security flaw
CVE-2004-1174 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
Bugzilla
CAN-2004-1009 Multiple mc issues (CAN-2004-1090 CAN-2004-1091 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2005-0763)
bugzilla·2005-05-24
[MEDIUM] CAN-2004-1009 Multiple mc issues (CAN-2004-1090 CAN-2004-1091 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2005-0763)
CAN-2004-1009 Multiple mc issues (CAN-2004-1090 CAN-2004-1091 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2005-0763)
During the FC4 security audit, we came across a number of mc issues that have
not been fixed. The CVE id's in the Summary is all we know at the moment.
Jindrich, what do you think will be the easiest way to fix all these?
Discussion:
Hello Josh,
There's Fedora Legacy bug 152889, where some things related to these issues are
discussed and some of the patches might be ported to our RHEL-2.1 mc. I'm not
sure at the moment whether all the fixes are incorporated there. I'll have a
closer look into this.
---
*** Bug 153985 has been marked as a duplicate of this bug. ***
---
Josh,
I backported fixes for CAN-2004-1009, CAN-2004-1090, CAN-2004-1091,
CAN-2004-1093, CAN-200
http://secunia.com/advisories/13863/http://securitytracker.com/id?1012903http://www.debian.org/security/2005/dsa-639http://www.redhat.com/support/errata/RHSA-2005-512.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/18909http://secunia.com/advisories/13863/http://securitytracker.com/id?1012903http://www.debian.org/security/2005/dsa-639http://www.redhat.com/support/errata/RHSA-2005-512.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/18909
2005-04-14
Published