CVE-2002-1392

Name of the Vulnerable Software and Affected Versions mgetty versions prior to 1.1.29 mgetty-sendfax versions 1.1.30 mgetty-viewfax versions 1.1.30 mgetty-voice versions 1.1.30

Description The issue concerns multiple vulnerabilities in the mgetty package of Red Hat Linux, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Additionally, a specific vulnerability in faxspool allows local users to modify fax transmission privileges due to the use of a world-writable spool directory for outgoing faxes.

Recommendations For mgetty versions prior to 1.1.29, update to version 1.1.29 or later to resolve the issue. For mgetty-sendfax, mgetty-viewfax, and mgetty-voice versions 1.1.30, consider disabling the vulnerable components until a patch is available. As a temporary workaround, restrict access to the faxspool directory to minimize the risk of exploitation.