Lucene search
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2003-008.NASLHistoryJul 06, 2004 - 12:00 a.m.
RHEL 2.1 : mgetty (RHSA-2003:008)
2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
Updated Mgetty packages are now available to fix a possible buffer overflow and a permissions problem.
Mgetty is a getty replacement for use with data and fax modems.
Mgetty can be configured to run an external program to decide whether or not to answer an incoming call based on Caller ID information.
Versions of Mgetty prior to 1.1.29 would overflow an internal buffer if the caller name reported by the modem was too long.
Additionally, the faxspool script supplied with versions of Mgetty prior to 1.1.29 used a simple permissions scheme to allow or deny fax transmission privileges. This scheme was easily circumvented because the spooling directory used for outgoing faxes was world-writable.
All users of Mgetty should upgrade to these errata packages, which contain Mgetty 1.1.30 and are not vulnerable to these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2003:008. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(12349);
script_version("1.25");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2002-1391", "CVE-2002-1392");
script_xref(name:"RHSA", value:"2003:008");
script_name(english:"RHEL 2.1 : mgetty (RHSA-2003:008)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated Mgetty packages are now available to fix a possible buffer
overflow and a permissions problem.
Mgetty is a getty replacement for use with data and fax modems.
Mgetty can be configured to run an external program to decide whether
or not to answer an incoming call based on Caller ID information.
Versions of Mgetty prior to 1.1.29 would overflow an internal buffer
if the caller name reported by the modem was too long.
Additionally, the faxspool script supplied with versions of Mgetty
prior to 1.1.29 used a simple permissions scheme to allow or deny fax
transmission privileges. This scheme was easily circumvented because
the spooling directory used for outgoing faxes was world-writable.
All users of Mgetty should upgrade to these errata packages, which
contain Mgetty 1.1.30 and are not vulnerable to these issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2002-1391"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2002-1392"
);
# http://search.alphanet.ch/cgi-bin/search.cgi?msgid=
script_set_attribute(
attribute:"see_also",
value:"https://www.alphanet.ch/~schaefer/cgi-bin/search.cgi?msgid="
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2003:008"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mgetty");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mgetty-sendfax");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mgetty-viewfax");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mgetty-voice");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/01/17");
script_set_attribute(attribute:"patch_publication_date", value:"2003/02/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2003:008";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mgetty-1.1.30-0.7")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mgetty-sendfax-1.1.30-0.7")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mgetty-viewfax-1.1.30-0.7")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mgetty-voice-1.1.30-0.7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mgetty / mgetty-sendfax / mgetty-viewfax / mgetty-voice");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | mgetty | p-cpe:/a:redhat:enterprise_linux:mgetty |
| redhat | enterprise_linux | mgetty-sendfax | p-cpe:/a:redhat:enterprise_linux:mgetty-sendfax |
| redhat | enterprise_linux | mgetty-viewfax | p-cpe:/a:redhat:enterprise_linux:mgetty-viewfax |
| redhat | enterprise_linux | mgetty-voice | p-cpe:/a:redhat:enterprise_linux:mgetty-voice |
| redhat | enterprise_linux | 2.1 | cpe:/o:redhat:enterprise_linux:2.1 |
Related
securityvulns
securityvulns
[RHSA-2003:036-01] Updated mgetty packages available
2003-04-09 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : mgetty (MDKSA-2003:053-1)
2004-07-31 00:00:00
redhat
redhat
(RHSA-2003:008) mgetty security update
2003-02-11 00:00:00
cve
cve
CVE-2002-1391
2003-01-17 05:00:00
CVE-2002-1392
2003-01-17 05:00:00
debiancve
debiancve
CVE-2002-1391
2003-01-17 05:00:00
CVE-2002-1392
2003-01-17 05:00:00
Related for REDHAT-RHSA-2003-008.NASL