GNU Midnight Commander: User-assisted execution of arbitrary code

GNU Midnight Commander does not properly sanitize environment variables, possibly resulting in execution of arbitrary code or Denial of Service.

mc February 20, 2014 February 20, 2014: 1 436518 remote 4.8.7 4.8.7

GNU Midnight Commander is a text-based file manager.

GNU Midnight Commander does not properly sanitize environment variables.

A remote attacker could entice a user to open a specially crafted archive file using GNU Midnight Commander, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All GNU Midnight Commander users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/mc-4.8.7"

CVE-2012-4463
ackle ackle