Bug 17178 - one more security problem with mgetty
Summary: one more security problem with mgetty
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: mgetty
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-09-01 15:04 UTC by mal
Modified: 2008-05-01 15:37 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2000-09-07 19:49:43 UTC


Attachments (Terms of Use)

Description mal 2000-09-01 15:04:08 UTC
Same problem exists in RedHat.

Date: Thu, 31 Aug 2000 23:12:54 -0600
From: Linux Mandrake Security Team <security@linux-mandrake.com>
To: Linux Mandrake Security Announcements
<security-announce@linux-mandrake.com>
Subject: [Security Announce] MDKSA-2000:042 - mgetty update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Linux-Mandrake Security Update Advisory
________________________________________________________________________

Package name:           mgetty
Date:                   August 31st, 2000
Advisory ID:            MDKSA-2000:042

Affected versions:      6.0, 6.1, 7.0, 7.1
________________________________________________________________________

Problem Description:

 There is a problem in the mgetty package, which contains a number of
 tools for sending and receiving faxes.  The faxrunq tool uses a
 marker file in the /tmp directory, which is world-writable,  in an 
 insecure fashion.  This problem, if exploited, allows malicious users
 to overwrite files on the system via a symlink attack which are owned
 by the user that is invoking faxrunq.  All versions of mgetty prior to 
 1.1.22 are  vulnerable.
________________________________________________________________________

Comment 1 Nalin Dahyabhai 2000-09-07 19:49:40 UTC
An errata is being prepped.


Note You need to log in before you can comment on or make changes to this bug.