Download
| Alert*
|
oval:org.secpod.oval:def:89043825
This update for mgetty fixes the following security issues: - CVE-2018-16741: The function do_activate did not properly sanitize shell metacharacters to prevent command injection - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached ... oval:org.secpod.oval:def:89002530 This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate did not properly sanitize shell metacharacters to prevent command injection - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it - CVE ... oval:org.secpod.oval:def:116039 The mgetty package contains a "smart" getty which allows logins over a serial line . If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a mode ... oval:org.secpod.oval:def:1901244 An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the oval:org.secpod.oval:def:603512 Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user. oval:org.secpod.oval:def:53414 Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user. oval:org.secpod.oval:def:89049651 This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate did not properly sanitize shell metacharacters to prevent command injection . - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it . - C ... oval:org.secpod.oval:def:116046 The mgetty package contains a "smart" getty which allows logins over a serial line . If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a mode ... |
