SB2018091309 - Multiple vulnerabilities in Mgetty+Sendfax
Published: September 13, 2018 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2018-16742)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a command-line parameter. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Buffer overflow (CVE-ID: CVE-2018-16743)
The vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.
3) OS Command Injection (CVE-ID: CVE-2018-16744)
The vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.
4) Buffer overflow (CVE-ID: CVE-2018-16745)
The vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.
Remediation
Install update from vendor's website.