(RHSA-2004:464) mc security update

ID RHSA-2004:464
Type redhat
Reporter RedHat
Modified 2018-03-14T19:27:47


Midnight Commander (mc) is a visual shell much like a file manager.

Shell escape bugs have been discovered in several of the mc vfs backend scripts. An attacker who is able to influence a victim to open a specially-crafted URI using mc could execute arbitrary commands as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0494 to this issue.

Users of mc should upgrade to this updated package which contains backported patches and is not vulnerable to this issue.