Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps A-M :: a6123.htm

mgetty buffer overflow and permissions problem



9th Apr 2003 [SBWID-6123]
COMMAND

	mgetty buffer overflow and permissions problem

SYSTEMS AFFECTED

	all versions prior to 1.1.29

PROBLEM

	In RedHat Security Advisory RHSA-2003:036-01:
	
	mgetty is a getty replacement for use with data and fax modems.
	
	mgetty can be configured to run an external program  to  decide  whether
	or not to answer an  incoming  call  based  on  Caller  ID  information.
	Unpatched versions of mgetty prior to 1.1.29 would overflow an  internal
	buffer if the caller name reported by the modem was too long.
	
	Additionally, the faxspool  script  supplied  with  versions  of  mgetty
	prior to 1.1.29 used a simple permissions scheme to allow  or  deny  fax
	transmission privileges. This scheme  was  easily  circumvented  because
	the spooling directory used for outgoing faxes was world-writable.
	
	

SOLUTION

	Upgrade to mgetty 1.1.30


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH