VYPR

rpm package

opensuse/mgetty&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/mgetty&distro=openSUSE%20Tumbleweed

Vulnerabilities (5)

  • CVE-2018-16744HigSep 13, 2018
    affected < 1.2.1-6.2fixed 1.2.1-6.2

    An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.

  • CVE-2018-16743HigSep 13, 2018
    affected < 1.2.1-6.2fixed 1.2.1-6.2

    An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.

  • CVE-2018-16742HigSep 13, 2018
    affected < 1.2.1-6.2fixed 1.2.1-6.2

    An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.

  • CVE-2018-16741HigSep 13, 2018
    affected < 1.2.1-6.2fixed 1.2.1-6.2

    An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <job

  • CVE-2008-4936Nov 5, 2008
    affected < 1.2.1-6.2fixed 1.2.1-6.2

    faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.