Description
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.
Mitigation
Make sure the notify option in /etc/mgetty+sendfax/mgetty.config does not contain more than 150 characters and that the file is readable and writable only by root.
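One way to audit this mitigation on a host, as an added example that is not part of the advisory or of mgetty. It assumes the config uses `keyword value` lines with `#` comments and that GNU `stat` is available; the function names and the optional expected-uid argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit a mgetty.config against the mitigation text.
# Assumptions: "keyword value" line syntax, '#' comments, GNU stat.

MAX_NOTIFY_LEN=150   # limit stated in the mitigation

# Print "line:length" for each notify value over the limit.
# Returns 0 if every notify value fits, 1 otherwise.
check_notify_len() {
    # LC_ALL=C makes length() count bytes, which is what a C buffer holds.
    LC_ALL=C awk -v max="$MAX_NOTIFY_LEN" '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == "notify" && NF >= 2 {
            val = $0
            sub(/^[ \t]*notify[ \t]+/, "", val)  # drop the keyword
            sub(/[ \t]+$/, "", val)              # drop trailing blanks
            if (length(val) > max) { printf "%d:%d\n", NR, length(val); bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Succeeds only if FILE is owned by the expected uid (default 0, root)
# and grants no permission bits to group or others.
check_perms() {
    file=$1
    want_uid=${2:-0}
    owner=$(stat -c %u "$file") || return 2
    mode=$(stat -c %a "$file") || return 2
    if [ "$owner" != "$want_uid" ]; then
        echo "$file: owner uid $owner, expected $want_uid"
        return 1
    fi
    if [ $(( 0$mode & 077 )) -ne 0 ]; then   # leading 0 forces octal
        echo "$file: mode $mode grants access to group or others"
        return 1
    fi
}

# Run both checks; non-zero exit status means the mitigation is not in place.
audit_mgetty_config() {
    rc=0
    check_notify_len "$1" || rc=1
    check_perms "$1" "${2:-0}" || rc=1
    return $rc
}

# When given a path (e.g. /etc/mgetty+sendfax/mgetty.config), audit it.
if [ "$#" -gt 0 ]; then audit_mgetty_config "$@"; fi
```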
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | mgetty | Will not fix | | |
| Red Hat Enterprise Linux 6 | mgetty | Will not fix | | |
| Red Hat Enterprise Linux 7 | mgetty | Fix deferred | | |
Additional information
Status:
3.9 Low
CVSS3
Related vulnerabilities
A vulnerability in the fax_notify_mail function of the mgetty package in Red Hat Enterprise Linux operating systems that allows an attacker to cause a denial of service