Red Hat Bugzilla – Bug 114540
CAN-2003-1023 mc stack overflow
Last modified: 2007-11-30 17:10:35 EST
A buffer overflow has been found in Midnight Commander's virtual
filesystem code. Specifically, a stack-based buffer overflow in
vfs_s_resolve_symlink of vfs/direntry.c allows remote attackers to
execute arbitrary code during symlink conversion.
Also see bug #113849 and bug #113850
The patch was already included in 8.1, but at that time not announced
as a security update (actually not announced at all).
8.4 should be pushed to the main update tree ASAP as this is a serious
vulnerability and not everybody runs or checks testing, so I assume
90% of people running Fedora are still vulnerable.
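
The bug class named in this report (a fixed-size stack buffer filled while turning a symlink target into a full path), shown next to a bounds-checked form. This is an added illustration, not Midnight Commander's source and not the patch referenced above; the function names, `PATH_BUF` and the sample paths are assumptions constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64 /* deliberately small so constructed inputs can exceed it */

/* Bug class only (hypothetical, never called here): unchecked copies into a
 * fixed stack buffer. A link target longer than buf writes past its end. */
void resolve_link_unchecked(const char *dir, const char *target)
{
    char buf[PATH_BUF];
    strcpy(buf, dir);
    strcat(buf, "/");
    strcat(buf, target);
    puts(buf);
}

/* Bounded form: resolve `target` relative to the directory of `link_path`.
 * Returns 0 on success, -1 with errno = ENAMETOOLONG if it does not fit. */
int resolve_link_checked(const char *link_path, const char *target,
                         char *out, size_t outsz)
{
    const char *slash = strrchr(link_path, '/');
    int n;

    if (target[0] == '/' || slash == NULL)  /* absolute, or no directory part */
        n = snprintf(out, outsz, "%s", target);
    else
        n = snprintf(out, outsz, "%.*s/%s", (int)(slash - link_path),
                     link_path, target);
    if (n < 0 || (size_t)n >= outsz) {      /* would truncate: refuse */
        if (outsz > 0)
            out[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[PATH_BUF], long_target[4 * PATH_BUF]; /* constructed inputs */
    memset(long_target, 'A', sizeof long_target - 1);
    long_target[sizeof long_target - 1] = '\0';
    if (resolve_link_checked("/usr/lib/libfoo.so", "libfoo.so.1", out, sizeof out) == 0)
        printf("resolved: %s\n", out);
    if (resolve_link_checked("/usr/lib/libfoo.so", long_target, out, sizeof out) != 0)
        printf("rejected oversized target: %s\n", strerror(errno));
    return 0;
}
```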