Download
| Alert*
oval:org.secpod.oval:def:603520
mgetty is installed oval:org.secpod.oval:def:2001041 An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow. oval:org.secpod.oval:def:2000895 An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. oval:org.secpod.oval:def:1901244 An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the oval:org.secpod.oval:def:2000441 An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. oval:org.secpod.oval:def:603512 Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user. oval:org.secpod.oval:def:53414 Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user. oval:org.secpod.oval:def:2001498 An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. oval:org.secpod.oval:def:116046 The mgetty package contains a "smart" getty which allows logins over a serial line . If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a mode ... |