Updated Mgetty packages are now available to fix a possible buffer overflow and a permissions problem.
Mgetty is a getty replacement for use with data and fax modems.
Mgetty can be configured to run an external program to decide whether or not to answer an incoming call based on Caller ID information. Versions of Mgetty prior to 1.1.29 would overflow an internal buffer if the caller name reported by the modem was too long.
Additionally, the faxspool script supplied with versions of Mgetty prior to 1.1.29 used a simple permissions scheme to allow or deny fax transmission privileges. This scheme was easily circumvented because the spooling directory used for outgoing faxes was world-writable.
All users of Mgetty should upgrade to these errata packages, which contain Mgetty 1.1.30 and are not vulnerable to these issues.
Get the newest RedHat Updates.
Low Attack Complexity, Partial Confidentiality Impact, Partial Integrity Impact, Partial Availability Impact