PT-2001-2677 · Mgetty · Mgetty-Viewfax+3
Published
1970-01-01
·
Updated
2017-10-10
·
CVE-2001-0141
CVSS v2.0
1.2
Low
| Vector | AV:L/AC:H/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
mgetty versions 1.1.22 through 1.1.25
mgetty-viewfax version 1.1.25
mgetty-sendfax version 1.1.25
mgetty-voice version 1.1.25
Description
The issue allows local users to overwrite arbitrary files via a symlink attack in some configurations, potentially leading to disruption of protected information integrity. Exploitation can be carried out locally by an attacker.
Recommendations
For mgetty versions 1.1.22 through 1.1.25, consider updating to a version that is not affected by this issue.
For mgetty-viewfax version 1.1.25, restrict access to the package until a patch is available.
For mgetty-sendfax version 1.1.25, avoid using the package in configurations where a symlink attack could be executed.
For mgetty-voice version 1.1.25, consider disabling the package temporarily until a fix is provided.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mgetty
Mgetty-Sendfax
Mgetty-Viewfax
Mgetty-Voice