SB2018101211 - OpenSUSE Linux update for mgetty 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018101211

SB2018101211 - OpenSUSE Linux update for mgetty

Published: October 12, 2018

Security Bulletin ID SB2018101211
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) OS Command Injection (CVE-ID: CVE-2018-16741)

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists within mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() due to improper sanitization of shell metacharacters. A local user can use ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command to execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Stack-based buffer overflow (CVE-ID: CVE-2018-16742)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a command-line parameter. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Buffer overflow (CVE-ID: CVE-2018-16743)

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.


4) OS Command Injection (CVE-ID: CVE-2018-16744)

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.


5) Buffer overflow (CVE-ID: CVE-2018-16745)

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.


Remediation

Install update from vendor's website.

References