Detections
Analytics
Mandrake Linux Security Advisory : mgetty (MDKSA-2000:042)
high Nessus Plugin ID 61835
Language:
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
There is a problem in the mgetty package, which contains a number of tools for sending and receiving faxes. The faxrunq tool uses a marker file in the /tmp directory, which is world-writable, in an insecure fashion. This problem, if exploited, allows malicious users to overwrite files on the system via a symlink attack which are owned by the user that is invoking faxrunq. All versions of mgetty prior to 1.1.22 are vulnerable.Solution
Update the affected packages.Plugin Details
Severity: High
ID: 61835
File Name: mandrake_MDKSA-2000-042.nasl
Version: 1.6
Type: local
Family: Mandriva Local Security Checks
Published: 9/6/2012
Updated: 1/6/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:mgetty, p-cpe:/a:mandriva:linux:mgetty-contrib, p-cpe:/a:mandriva:linux:mgetty-sendfax, p-cpe:/a:mandriva:linux:mgetty-viewfax, p-cpe:/a:mandriva:linux:mgetty-voice, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 8/31/2000
Reference Information
MDKSA: 2000:042