Test ID:	1.3.6.1.4.1.25623.1.0.52778
Category:	Fedora Local Security Checks
Title:	Fedora Legacy Security Advisory FLSA-2004:1224
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory FLSA-2004:1224. There exists a stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allowing remote attackers to execute arbitrary code during symlink conversion. Fedora Legacy would like to thank Seth Vidal for bringing this issue to our attention. Affected platforms: Redhat 7.2 Redhat 7.3 Redhat 8 Solution: http://www.securityspace.com/smysecure/catid.html?in=FLSA-2004:1224 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1023 BugTraq ID: 8658 http://www.securityfocus.com/bid/8658 Bugtraq: 20030919 uninitialized buffer in midnight commander (Google Search) http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html Bugtraq: 20040405 [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc) (Google Search) http://marc.info/?l=bugtraq&m=108118433222764&w=2 Caldera Security Advisory: CSSA-2004-014.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt Conectiva Linux advisory: CLA-2004:833 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833 Debian Security Information: DSA-424 (Google Search) http://www.debian.org/security/2004/dsa-424 http://fedoranews.org/updates/FEDORA-2004-058.shtml http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html http://security.gentoo.org/glsa/glsa-200403-09.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822 RedHat Security Advisories: RHSA-2004:034 http://rhn.redhat.com/errata/RHSA-2004-034.html RedHat Security Advisories: RHSA-2004:035 http://rhn.redhat.com/errata/RHSA-2004-035.html http://secunia.com/advisories/10645 http://secunia.com/advisories/10685 http://secunia.com/advisories/10716 http://secunia.com/advisories/10772 http://secunia.com/advisories/10823 http://secunia.com/advisories/11219 http://secunia.com/advisories/11262 http://secunia.com/advisories/11268 http://secunia.com/advisories/11296 http://secunia.com/advisories/9833 SGI Security Advisory: 20040201-01-U ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc XForce ISS Database: midnight-commander-vfssresolvesymlink-bo(13247) https://exchange.xforce.ibmcloud.com/vulnerabilities/13247
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.