Mgetty
by Gert Doering
CVEs (7)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2003-0517 | Med | 0.36 | 5.5 | 0.00 | Aug 18, 2003 | faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | |
| CVE-2000-0691 | 0.03 | — | 0.01 | Oct 20, 2000 | The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file. | ||
| CVE-2008-4936 | 0.00 | — | 0.00 | Nov 5, 2008 | faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file. | ||
| CVE-2003-0516 | 0.00 | — | 0.01 | Aug 18, 2003 | cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings. | ||
| CVE-2002-1392 | 0.00 | — | 0.00 | Jan 17, 2003 | faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges. | ||
| CVE-2002-1391 | 0.00 | — | 0.03 | Jan 17, 2003 | Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument. | ||
| CVE-2001-0141 | 0.00 | — | 0.00 | Mar 12, 2001 | mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |