Test ID:	1.3.6.1.4.1.25623.1.0.50296
Category:	Fedora Local Security Checks
Title:	Fedora Core 1 FEDORA-2004-058 (mc)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mc announced via advisory FEDORA-2004-058. Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files. * Sat Jan 31 2004 Jakub Jelinek 4.6.0-8.4 - fix previous patch * Fri Jan 30 2004 Jakub Jelinek 4.6.0-8.3 - update php.syntax file (#112645) - fix crash with large syntax file (#112644) * Fri Jan 23 2004 Jakub Jelinek 4.6.0-8.2 - update CVE-2003-1023 fix to still make vfs symlinks relative, but with bounds checking * Sat Jan 17 2004 Warren Togami 4.6.0-8.1 - rebuild for FC1 * Sat Jan 17 2004 Warren Togami 4.6.0-7 - BuildRequires glib2-devel, slang-devel, XFree86-devel, e2fsprogs-devel, gettext - Copyright -> License - PreReq -> Requires - Explicit zero epoch in versioned dev dep - /usr/share/mc directory ownership - Improve script_summary( - (Seth Vidal QA) fix for CVE-2003-1023 (Security) Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-058.shtml Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1023 BugTraq ID: 8658 http://www.securityfocus.com/bid/8658 Bugtraq: 20030919 uninitialized buffer in midnight commander (Google Search) http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html Bugtraq: 20040405 [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc) (Google Search) http://marc.info/?l=bugtraq&m=108118433222764&w=2 Caldera Security Advisory: CSSA-2004-014.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt Conectiva Linux advisory: CLA-2004:833 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833 Debian Security Information: DSA-424 (Google Search) http://www.debian.org/security/2004/dsa-424 http://fedoranews.org/updates/FEDORA-2004-058.shtml http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html http://security.gentoo.org/glsa/glsa-200403-09.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822 RedHat Security Advisories: RHSA-2004:034 http://rhn.redhat.com/errata/RHSA-2004-034.html RedHat Security Advisories: RHSA-2004:035 http://rhn.redhat.com/errata/RHSA-2004-035.html http://secunia.com/advisories/10645 http://secunia.com/advisories/10685 http://secunia.com/advisories/10716 http://secunia.com/advisories/10772 http://secunia.com/advisories/10823 http://secunia.com/advisories/11219 http://secunia.com/advisories/11262 http://secunia.com/advisories/11268 http://secunia.com/advisories/11296 http://secunia.com/advisories/9833 SGI Security Advisory: 20040201-01-U ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc XForce ISS Database: midnight-commander-vfssresolvesymlink-bo(13247) https://exchange.xforce.ibmcloud.com/vulnerabilities/13247
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.