Joined: 12 May 2004
|Posted: Sat Dec 06, 2008 6:26 pm Post subject: [ GLSA 200812-08 ] Mgetty: Insecure temporary file usage
|Gentoo Linux Security Advisory
Title: Mgetty: Insecure temporary file usage (GLSA 200812-08)
Date: December 06, 2008
Updated: December 23, 2008
Mgetty uses temporary files in an insecure manner, allowing for symlink
Mgetty is a set of fax and voice modem programs.
Vulnerable: < 1.1.36-r3
Unaffected: >= 1.1.36-r3
Architectures: All supported architectures
Dmitry E. Oboukhov reported that the "spooldir" directory in
fax/faxspool.in is created in an insecure manner.
A local attacker could exploit this vulnerability to overwrite
arbitrary files with the privileges of the user running the
There is no known workaround at this time.
All Mgetty users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/mgetty-1.1.36-r3"
Last edited by GLSA on Wed May 25, 2011 4:27 am; edited 3 times in total