Gert Doering
Products
1- 10 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16743 | Hig | 0.51 | 7.8 | 0.00 | Sep 13, 2018 | An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. | ||
| CVE-2003-0517 | Med | 0.36 | 5.5 | 0.00 | Aug 18, 2003 | faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | ||
| CVE-2000-0691 | 0.03 | — | 0.01 | Oct 20, 2000 | The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file. | |||
| CVE-2019-1010189 | 0.00 | — | 0.01 | Jul 24, 2019 | mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1. | |||
| CVE-2019-1010190 | 0.00 | — | 0.01 | Jul 24, 2019 | mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is:… | |||
| CVE-2008-4936 | 0.00 | — | 0.00 | Nov 5, 2008 | faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file. | |||
| CVE-2003-0516 | 0.00 | — | 0.02 | Aug 18, 2003 | cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings. | |||
| CVE-2002-1391 | 0.00 | — | 0.04 | Jan 17, 2003 | Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument. | |||
| CVE-2002-1392 | 0.00 | — | 0.00 | Jan 17, 2003 | faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges. | |||
| CVE-2001-0141 | 0.00 | — | 0.00 | Mar 12, 2001 | mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.
- risk 0.36cvss 5.5epss 0.00
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
- CVE-2000-0691Oct 20, 2000risk 0.03cvss —epss 0.01
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
- CVE-2019-1010189Jul 24, 2019risk 0.00cvss —epss 0.01
mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.
- CVE-2019-1010190Jul 24, 2019risk 0.00cvss —epss 0.01
mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is:…
- CVE-2008-4936Nov 5, 2008risk 0.00cvss —epss 0.00
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
- CVE-2003-0516Aug 18, 2003risk 0.00cvss —epss 0.02
cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
- CVE-2002-1391Jan 17, 2003risk 0.00cvss —epss 0.04
Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.
- CVE-2002-1392Jan 17, 2003risk 0.00cvss —epss 0.00
faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.
- CVE-2001-0141Mar 12, 2001risk 0.00cvss —epss 0.00
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.