cbcvebase.

Mgetty Project Mgetty vulnerabilities

12 known vulnerabilities affecting mgetty_project/mgetty.

Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH7MEDIUM4LOW1

Vulnerabilities

Page 1 of 1
CVE-2018-16741P3HIGHCVSS 7.8fixed in 1.2.12018-09-13
CVE-2018-16741 [HIGH] CWE-78 CVE-2018-16741: An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() doe An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate " command.
nvdosv
CVE-2018-16744P3HIGHCVSS 7.8fixed in 1.2.12018-09-13
CVE-2018-16744 [HIGH] CWE-78 CVE-2018-16744: An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parame An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.
nvdosv
CVE-2018-16743P3HIGHCVSS 7.8fixed in 1.2.12018-09-13
CVE-2018-16743 [HIGH] CWE-787 CVE-2018-16743: An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line para An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.
nvdosv
CVE-2018-16742P3HIGHCVSS 7.8fixed in 1.2.12018-09-13
CVE-2018-16742 [HIGH] CWE-787 CVE-2018-16742: An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow ca An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.
nvdosv
CVE-2018-16745P4HIGHCVSS 7.8fixed in 1.2.12018-09-13
CVE-2018-16745 [HIGH] CWE-119 CVE-2018-16745: An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parame An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.
nvdosv
CVE-2003-0516P4HIGHCVSS 7.5≥ 0, < 1.1.292003-08-18
CVE-2003-0516 [HIGH] CVE-2003-0516: cnd cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
osv
CVE-2002-1391P4HIGHCVSS 7.5≥ 0, < 1.1.30-12003-01-17
CVE-2002-1391 [HIGH] CVE-2002-1391: Buffer overflow in cnd-program for mgetty before 1 Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.
osv
CVE-2019-1010190P4MEDIUMCVSS 5.5fixed in 1.2.12019-07-24
CVE-2019-1010190 [MEDIUM] CWE-125 CVE-2019-1010190: mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1.
nvdosv
CVE-2019-1010189P4MEDIUMCVSS 5.5fixed in 1.2.12019-07-24
CVE-2019-1010189 [MEDIUM] CWE-835 CVE-2019-1010189: mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does ne mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.
nvdosv
CVE-2008-4936P4MEDIUMCVSS 6.9≥ 0, < 1.1.36-1.32008-11-05
CVE-2008-4936 [MEDIUM] CVE-2008-4936: faxspool in mgetty 1 faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
osv
CVE-2003-0517P4MEDIUMCVSS 5.5≤ 1.1.282003-08-18
CVE-2003-0517 [MEDIUM] CWE-59 CVE-2003-0517: faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
nvdosv
CVE-2002-1392P4LOWCVSS 2.1≥ 0, < 1.1.30-12003-01-17
CVE-2002-1392 [LOW] CVE-2002-1392: faxspool in mgetty before 1 faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.
osv
Mgetty Project Mgetty vulnerabilities | cvebase