aru Posted May 6, 2003 Report Share Posted May 6, 2003 MandrakeSoft Security Advisory MDKSA-2003:053 : mgetty May 6th, 2003 Updated mgetty packages fix vulnerabilities Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An internal buffer could be overflowed if the caller name reported by the modem, via Caller ID information, was too long. As well, the faxspool script that comes with mgetty used a simple permissions scheme to allow or deny fax transmission privileges. Because the spooling directory used for outgoing faxes was world-writeable, this scheme was easily circumvented. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 8.2/PPC [*] 9.0 [*] Multi Network Firewall 8.2 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:053 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2002-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2002-1392 Posted automatically by aru (mdksec2mub v0.0.5) Link to comment Share on other sites More sharing options...
Recommended Posts