1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.2%
mgetty, a replacement for getty designed to support modem and fax use, creates files of a predictable name in a world-writable directory without checking for the prior existence or ownership of the file. Using a symbolic link attack, an intruder might cause the overwrite of arbitrary files on the system, but the risk of elevated privileges is low.
mgetty uses the faxrunq service to process faxes. This involves use of the world-writable /var/spool/fax/outgoing/ directory to store temporary files. These temporary files are created without checking for prior existence or ownership of the files.
By creating a symbolic link named ‘.last_run’ and pointing towards any existing file, an attacker can cause mgetty to overwrite the file. Since the attacker cannot control the content of the overwritten file, the risk of exploiting this for elevated privileges is low.
Apply vendor patches; see the Systems Affected section below.
Disable the faxrunq service.
396272
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 10, 2001 Updated: September 13, 2001
Affected
<http://www.caldera.com/support/security/advisories/CSSA-2001-002.0.txt>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: March 06, 2001 Updated: September 13, 2001
Affected
http://lists.debian.org/debian-security-announce/debian-security-announce-2001/msg00000.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 20, 2000 Updated: September 13, 2001
Affected
<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:71.mgetty.asc>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: January 10, 2001 Updated: September 13, 2001
Affected
<http://www.linuxsecurity.com/advisories/other_advisory-1034.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: January 10, 2001 Updated: September 13, 2001
Affected
<http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-009.php3?dis=6.1>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Affected
<http://www.redhat.com/support/errata/RHSA-2001-050.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Not Affected
Mac OS X does not contain mgetty, and is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 27, 2001
Not Affected
Cray, Inc. does not provide mgetty with its operating system software so we are not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Not Affected
HP-UX is not effected.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Not Affected
IBM’s AIX operating system does not include mgetty and the faxrunq service, so AIX is not vulnerable to the exploit described.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: November 08, 2001
Not Affected
NetBSD does not ship with mgetty as part of the base distribution, but it is available as an optional third-party package. We did distribute a package with a vulnerable version (less that 1.1.22). We do not intend to release a specific vulnerability notice, but we do have other means of notifying users of our third party packages about vulnerabilities in said packages (the “audit-packages” system).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Not Affected
OpenBSD does not use mgetty.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Not Affected
Caldera’s UNIX products (OpenServer, UnixWare, Open Unix) do not ship mgetty.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
Notified: September 18, 2001 Updated: September 20, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23396272 Feedback>).
View all 25 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was first identified by Greg Kroah-Hartman of Immunix.
This document was last changed by Tim Shimeall.
CVE IDs: | CVE-2001-0141 |
---|---|
Severity Metric: | 1.13 Date Public: |
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:71.mgetty.asc
lists.debian.org/debian-security-announce/debian-security-announce-2001/msg00000.html
www.caldera.com/support/security/advisories/CSSA-2001-002.0.txt
www.linux-mandrake.com/en/updates/2001/MDKSA-2001-009.php3?dis=6.1
www.linuxsecurity.com/advisories/caldera_advisory-1059.html
www.linuxsecurity.com/advisories/debian_advisory-1184.html
www.linuxsecurity.com/advisories/freebsd_advisory-894.html
www.linuxsecurity.com/advisories/other_advisory-1034.html
www.linuxsecurity.com/advisories/redhat_advisory-1321.html
www.redhat.com/support/errata/RHSA-2001-050.html
www.securityfocus.com/bid/2187