This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated Mgetty packages are now available to fix a possible buffer
overflow and a permissions problem.
Mgetty is a getty replacement for use with data and fax modems.
Mgetty can be configured to run an external program to decide whether
or not to answer an incoming call based on Caller ID information.
Versions of Mgetty prior to 1.1.29 would overflow an internal buffer
if the caller name reported by the modem was too long.
Additionally, the faxspool script supplied with versions of Mgetty
prior to 1.1.29 used a simple permissions scheme to allow or deny fax
transmission privileges. This scheme was easily circumvented because
the spooling directory used for outgoing faxes was world-writable.
All users of Mgetty should upgrade to these errata packages, which
contain Mgetty 1.1.30 and are not vulnerable to these issues.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12349 ()
CVE ID: CVE-2002-1391CVE-2002-1392
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.