The remote host is missing an update to mc announced via advisory DSA 036-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20036-1

It has been reported that a local user could tweak Midnight Commander of another user into executing a random program under the user id of the person running Midnight Commander. This behaviour has been fixed by Andrew V. Samoilov. We recommend you upgrade your mc package.