fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/18906http://secunia.com/advisories/13863/http://securitytracker.com/id?1012903http://www.debian.org/security/2005/dsa-639http://www.redhat.com/support/errata/RHSA-2005-512.html
