MGASA-2018-0402

Source
https://advisories.mageia.org/MGASA-2018-0402.html
Import Source
https://advisories.mageia.org/MGASA-2018-0402.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2018-0402
Related
Published
2018-10-19T18:00:37Z
Modified
2018-10-19T17:34:09Z
Summary
Updated mgetty packages fix security vulnerabilities
Details

Updated mgetty packages fix security vulnerabilities:

The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (CVE-2018-16741).

Stack-based buffer overflow that could have been triggered via a command-line parameter (CVE-2018-16742).

The command-line parameter username was passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (CVE-2018-16743).

The mail_to parameter was not sanitized, leading to command injection if untrusted input reached it (CVE-2018-16744).

The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (CVE-2018-16745).

References
Credits

Affected packages