Mandrake Linux Security Advisory : mgetty (MDKSA-2000:042)

high Nessus Plugin ID 61835

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

There is a problem in the mgetty package, which contains a number of tools for sending and receiving faxes. The faxrunq tool uses a marker file in the /tmp directory, which is world-writable, in an insecure fashion. This problem, if exploited, allows malicious users to overwrite files on the system via a symlink attack which are owned by the user that is invoking faxrunq. All versions of mgetty prior to 1.1.22 are vulnerable.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 61835

File Name: mandrake_MDKSA-2000-042.nasl

Version: 1.6

Type: local

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mgetty, p-cpe:/a:mandriva:linux:mgetty-contrib, p-cpe:/a:mandriva:linux:mgetty-sendfax, p-cpe:/a:mandriva:linux:mgetty-viewfax, p-cpe:/a:mandriva:linux:mgetty-voice, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 8/31/2000

Reference Information

MDKSA: 2000:042