Mandrake Linux Security Advisory : mgetty (MDKSA-2000:042)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

There is a problem in the mgetty package, which contains a number of
tools for sending and receiving faxes. The faxrunq tool uses a marker
file in the /tmp directory, which is world-writable, in an insecure
fashion. This problem, if exploited, allows malicious users to
overwrite files on the system via a symlink attack which are owned by
the user that is invoking faxrunq. All versions of mgetty prior to
1.1.22 are vulnerable.

Solution :

Update the affected packages.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61835 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now