262 matches found
openSUSE: Security Advisory for mgetty (openSUSE-SU-2018:3108-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for mgetty (moderate)
This update for mgetty fixes the following issues: - CVE-2018-16741: Fixed a command injection in fax/faxq-helper.c boo1108752 - CVE-2018-16742: Stack-based buffer overflow in contrib/scrts.c triggered via command line parameter boo1108762 - CVE-2018-16743: Stack-based buffer overflow with long...
SUSE SLED12 / SLES12 Security Update : mgetty (SUSE-SU-2018:2979-1)
This update for mgetty fixes the following security issues : CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752 CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input...
SUSE-SU-2018:2979-1 Security update for mgetty
This update for mgetty fixes the following security issues: - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752 - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted inp...
openSUSE Security Update : mgetty (openSUSE-2018-1080)
This update for mgetty fixes the following issues : - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752. - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input...
Security update for mgetty (important)
This update for mgetty fixes the following issues: - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752. - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input reach...
SUSE-SU-2018:2894-1 Security update for mgetty
This update for mgetty fixes the following issues: - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752. - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input reach...
SUSE SLES11 Security Update : mgetty (SUSE-SU-2018:2850-1)
This update for mgetty fixes the following issues : CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752 CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input reached i...
SUSE-SU-2018:2850-1 Security update for mgetty
This update for mgetty fixes the following issues: - CVE-2018-16741: The function doactivate did not properly sanitize shell metacharacters to prevent command injection bsc1108752 - CVE-2018-16745: The mailto parameter was not sanitized, leading to a buffer overflow if long untrusted input reache...
The vulnerability of the `fax_notify_mail` function in the `mgetty` package on Red Hat Enterprise Linux systems allows a hacker to cause a service failure.
The vulnerability of the faxnotifymail function in the mgetty package for Red Hat Enterprise Linux is caused by a buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to trigger a service failure using the mailto parameter...
mgetty 1.2.0 Buffer Overflow / Privilege Escalation Vulnerabilities
mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities. Multiple Vulnerabilities in mgetty ================================== Overview - -------- Confirmed Affected Versions: 1.2.0 Patched Versions: 1.2.1 Vendor: mgetty...
CVE-2018-16742
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter...
CVE-2018-16743
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow...
CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. Mitigation Make sure the notify option in /etc/mgetty+sendfax/mgetty.config does not...
CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. Mitigation Make sure the notify option in /etc/mgetty+sendfax/mgetty.config does not contain more than 150...
Mgetty Buffer Overflow Vulnerability
Mgetty is a getty replacement program for data and fax operations. A buffer overflow vulnerability exists in the faxrec.c file in versions of Mgetty prior to 1.2.1, which stems from a failure of the program to filter the 'mailto' in the 'faxnotifymail' function. parameter in the 'faxnotifymail'...
Mgetty Buffer Overflow Vulnerability (CNVD-2019-03437)
Mgetty is a getty replacement program for data and fax operations. A stack buffer overflow vulnerability exists in the contrib/next-login/login.c file in versions of Mgetty prior to 1.2.1, which stems from a program passing an unfiltered 'username' parameter to the 'strcpy ' function, which can b...
Mgetty Buffer Overflow Vulnerability (CNVD-2019-03438)
Mgetty is a getty replacement program for data and fax operations. A stack buffer overflow vulnerability exists in the contrib/scrts.c file in versions of Mgetty prior to 1.2.1, which can be exploited to execute arbitrary code or cause a denial of service with the help of command line arguments...
Mgetty Command Injection Vulnerability (CNVD-2019-03439)
Mgetty is a getty replacement program for data and fax operations. A command injection vulnerability exists in Mgetty versions prior to 1.2.1, which stems from the 'doactivate' function failing to properly filter shell metacharacters in the fax/faxq-helper.c file, which can be exploited by an...
Mgetty Command Injection Vulnerability
Mgetty is a getty replacement program for data and fax operations. A command injection vulnerability exists in the faxrec.c file in versions of Mgetty prior to 1.2.1, which stems from the program failing to filter the 'mailto' parameter in the 'faxnotifymail' function The vulnerability can be...