Test ID:	1.3.6.1.4.1.25623.1.0.50644
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2004:007 (mc)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mc announced via advisory MDKSA-2004:007. A buffer overflow was discovered in mc's virtual filesystem code. This vulnerability could allow remote attackers to execute arbitrary code during symlink conversion. The updated packages have been patched to correct the problem. Affected versions: 9.1, 9.2, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1023 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1023 BugTraq ID: 8658 http://www.securityfocus.com/bid/8658 Bugtraq: 20030919 uninitialized buffer in midnight commander (Google Search) http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html Bugtraq: 20040405 [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc) (Google Search) http://marc.info/?l=bugtraq&m=108118433222764&w=2 Caldera Security Advisory: CSSA-2004-014.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt Conectiva Linux advisory: CLA-2004:833 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833 Debian Security Information: DSA-424 (Google Search) http://www.debian.org/security/2004/dsa-424 http://fedoranews.org/updates/FEDORA-2004-058.shtml http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html http://security.gentoo.org/glsa/glsa-200403-09.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822 RedHat Security Advisories: RHSA-2004:034 http://rhn.redhat.com/errata/RHSA-2004-034.html RedHat Security Advisories: RHSA-2004:035 http://rhn.redhat.com/errata/RHSA-2004-035.html http://secunia.com/advisories/10645 http://secunia.com/advisories/10685 http://secunia.com/advisories/10716 http://secunia.com/advisories/10772 http://secunia.com/advisories/10823 http://secunia.com/advisories/11219 http://secunia.com/advisories/11262 http://secunia.com/advisories/11268 http://secunia.com/advisories/11296 http://secunia.com/advisories/9833 SGI Security Advisory: 20040201-01-U ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc XForce ISS Database: midnight-commander-vfssresolvesymlink-bo(13247) https://exchange.xforce.ibmcloud.com/vulnerabilities/13247
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.