Mandrake Linux Security Advisory : mgetty (MDKSA-2000:042)
High Nessus Plugin ID 61835
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThere is a problem in the mgetty package, which contains a number of tools for sending and receiving faxes. The faxrunq tool uses a marker file in the /tmp directory, which is world-writable, in an insecure fashion. This problem, if exploited, allows malicious users to overwrite files on the system via a symlink attack which are owned by the user that is invoking faxrunq. All versions of mgetty prior to 1.1.22 are vulnerable.
SolutionUpdate the affected packages.