rpm package
suse/mgetty&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/mgetty&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16745 | Hig | 7.8 | < 1.1.36-58.3.1 | 1.1.36-58.3.1 | Sep 13, 2018 | An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. | |
| CVE-2018-16744 | Hig | 7.8 | < 1.1.36-58.3.1 | 1.1.36-58.3.1 | Sep 13, 2018 | An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. | |
| CVE-2018-16743 | Hig | 7.8 | < 1.1.36-58.3.1 | 1.1.36-58.3.1 | Sep 13, 2018 | An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. | |
| CVE-2018-16742 | Hig | 7.8 | < 1.1.36-58.3.1 | 1.1.36-58.3.1 | Sep 13, 2018 | An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. | |
| CVE-2018-16741 | Hig | 7.8 | < 1.1.36-58.3.1 | 1.1.36-58.3.1 | Sep 13, 2018 | An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <job |
- affected < 1.1.36-58.3.1fixed 1.1.36-58.3.1
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.
- affected < 1.1.36-58.3.1fixed 1.1.36-58.3.1
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.
- affected < 1.1.36-58.3.1fixed 1.1.36-58.3.1
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.
- affected < 1.1.36-58.3.1fixed 1.1.36-58.3.1
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.
- affected < 1.1.36-58.3.1fixed 1.1.36-58.3.1
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <job