Red Hat Bugzilla – Bug 17178
one more security problem with mgetty
Last modified: 2008-05-01 11:37:58 EDT
Same problem exists in Red Hat.
Date: Thu, 31 Aug 2000 23:12:54 -0600
From: Linux Mandrake Security Team <firstname.lastname@example.org>
To: Linux Mandrake Security Announcements
Subject: [Security Announce] MDKSA-2000:042 - mgetty update
-----BEGIN PGP SIGNED MESSAGE-----
Linux-Mandrake Security Update Advisory
Package name: mgetty
Date: August 31st, 2000
Advisory ID: MDKSA-2000:042
Affected versions: 6.0, 6.1, 7.0, 7.1
There is a problem in the mgetty package, which contains a number of
tools for sending and receiving faxes. The faxrunq tool uses a
marker file in the /tmp directory, which is world-writable, in an
insecure fashion. This problem, if exploited, allows malicious users
to overwrite, via a symlink attack, files on the system which are owned
by the user that is invoking faxrunq. All versions of mgetty prior to
1.1.22 are vulnerable.
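
The marker-file weakness the advisory describes, shown as an added example that is not part of the advisory and not code from mgetty: a plain redirect to a fixed name follows a symlink already at that path, while exclusive creation or a `mktemp`-chosen name does not. The function names, the `marker` file name and the scratch directory standing in for /tmp are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration. Function names and the "marker" file name are
# hypothetical; none of this is taken from faxrunq itself.

# Vulnerable pattern: fixed name in a shared directory, plain redirect.
# The open follows whatever symlink already sits at that path.
write_marker_unsafe() {
    echo "pid $$" > "$1"
}

# Hardened: noclobber refuses an existing path and creates a missing one
# exclusively, so a pre-planted link is rejected instead of followed.
write_marker_excl() {
    ( set -C; echo "pid $$" > "$1" ) 2>/dev/null
}

# Hardened: mktemp picks an unpredictable name and creates it exclusively.
new_marker_random() {
    mktemp "$1/faxrunq.XXXXXX"
}

# Constructed scenario: a private scratch directory stands in for /tmp.
demo() {
    scratch=$(mktemp -d) || return 1
    printf 'important\n' > "$scratch/user_file"
    ln -s "$scratch/user_file" "$scratch/marker"   # link placed beforehand

    if write_marker_excl "$scratch/marker"; then excl_status=0; else excl_status=1; fi
    after_excl=$(cat "$scratch/user_file")

    write_marker_unsafe "$scratch/marker"
    after_unsafe=$(cat "$scratch/user_file")

    random_path=$(new_marker_random "$scratch") || return 1
    if [ -f "$random_path" ] && [ ! -L "$random_path" ]; then
        random_ok=yes
    else
        random_ok=no
    fi

    echo "exclusive create refused link: status=$excl_status, file='$after_excl'"
    echo "plain redirect followed link:  file='$after_unsafe'"
    echo "mktemp marker is a fresh regular file: $random_ok"
    rm -rf "$scratch"
}

demo
```

Keeping the marker in a directory only the invoking user can write to removes the race altogether, since nobody else can place a link there.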
An errata is being prepped.