
openSUSE-SU-2018:3108-1

Published: 12 Oct 2018
Source: suse-cvrf

Description

Security update for mgetty

This update for mgetty fixes the following issues:

  • CVE-2018-16741: Fixed a command injection in fax/faxq-helper.c (boo#1108752)

  • CVE-2018-16742: Stack-based buffer overflow in contrib/scrts.c triggered via command line parameter (boo#1108762)

  • CVE-2018-16743: Stack-based buffer overflow with long username in contrib/next-login/login.c (boo#1108761)

  • CVE-2018-16744: Command injection in faxrec.c (boo#1108757)

  • CVE-2018-16745: Stack-based buffer overflow in fax_notify_mail() in faxrec.c (boo#1108756)

  • Sets a maximum string length to prevent a buffer overflow and thus possible command injection

  • The obsolete contrib/scrts.c tool was deleted, which contained a buffer overflow.

Package list

openSUSE Leap 42.3
g3utils-1.1.36-65.3.1
mgetty-1.1.36-65.3.1
sendfax-1.1.36-65.3.1

Description

An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.


Affected products
openSUSE Leap 42.3:g3utils-1.1.36-65.3.1
openSUSE Leap 42.3:mgetty-1.1.36-65.3.1
openSUSE Leap 42.3:sendfax-1.1.36-65.3.1

Description

An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.


Affected products
openSUSE Leap 42.3:g3utils-1.1.36-65.3.1
openSUSE Leap 42.3:mgetty-1.1.36-65.3.1
openSUSE Leap 42.3:sendfax-1.1.36-65.3.1

Description

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.


Affected products
openSUSE Leap 42.3:g3utils-1.1.36-65.3.1
openSUSE Leap 42.3:mgetty-1.1.36-65.3.1
openSUSE Leap 42.3:sendfax-1.1.36-65.3.1

Description

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.


Affected products
openSUSE Leap 42.3:g3utils-1.1.36-65.3.1
openSUSE Leap 42.3:mgetty-1.1.36-65.3.1
openSUSE Leap 42.3:sendfax-1.1.36-65.3.1

Description

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.


Affected products
openSUSE Leap 42.3:g3utils-1.1.36-65.3.1
openSUSE Leap 42.3:mgetty-1.1.36-65.3.1
openSUSE Leap 42.3:sendfax-1.1.36-65.3.1
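
The two fax_notify_mail() descriptions above (unsanitized mail_to reaching popen, and long mail_to input overflowing a buffer) share one defensive pattern: cap the length, allowlist the characters, and treat truncation as failure before any command string exists. The C sketch below is an added example, not mgetty's code or the shipped patch; `MAX_RCPT_LEN`, `MAILER`, the function names and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed values for this example; not taken from mgetty. */
#define MAX_RCPT_LEN 64
#define MAILER "/usr/sbin/sendmail"

/* Allowlist: letters, digits and a few address characters. Whitespace and
 * shell metacharacters (|, &, >, ;, quotes, ...) are all rejected. */
static int rcpt_char_ok(unsigned char c)
{
    if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9'))
        return 1;
    return c != '\0' && strchr("@._+-", c) != NULL;
}

/* Returns 0 if mail_to may be placed on a command line, -1 otherwise. */
int validate_rcpt(const char *mail_to)
{
    size_t i;

    if (mail_to == NULL || mail_to[0] == '\0' || mail_to[0] == '-')
        return -1;              /* empty, or would parse as a mailer option */
    for (i = 0; mail_to[i] != '\0'; i++) {
        if (i >= MAX_RCPT_LEN || !rcpt_char_ok((unsigned char)mail_to[i]))
            return -1;          /* too long or bad character: refuse, never truncate */
    }
    return 0;
}

/* Writes "MAILER <rcpt>" into out. Returns 0 on success, -1 if the
 * recipient is rejected or the result does not fit in out. */
int build_mail_cmd(char *out, size_t outlen, const char *mail_to)
{
    int n;

    if (out == NULL || outlen == 0 || validate_rcpt(mail_to) != 0)
        return -1;
    n = snprintf(out, outlen, "%s %s", MAILER, mail_to);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "fax-admin@example.org", "user||x", "a>b", "-t" };
    char cmd[128];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %s\n", samples[i],
               build_mail_cmd(cmd, sizeof cmd, samples[i]) == 0 ? cmd : "rejected");
    return 0;
}
```

Passing the recipient as a separate argv element to an exec-family call, with no shell involved, removes the metacharacter problem entirely; the validation above is for code paths that must keep a command string.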
