CVE-2008-4936
- EPSS 0.03%
- Veröffentlicht 05.11.2008 15:00:14
- Zuletzt bearbeitet 09.04.2025 00:30:58
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
CVE-2003-0516
- EPSS 0.9%
- Veröffentlicht 18.08.2003 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
CVE-2002-1391
- EPSS 3%
- Veröffentlicht 17.01.2003 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.
CVE-2002-1392
- EPSS 0.08%
- Veröffentlicht 17.01.2003 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.
CVE-2001-0141
- EPSS 0.08%
- Veröffentlicht 12.03.2001 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
CVE-2000-0691
- EPSS 0.53%
- Veröffentlicht 20.10.2000 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.