Bugtraq mailing list archives

Security Update: [CSSA-2003-021.0] OpenLinux: mgetty caller ID buffer overflow and spool perm vulnerabilities
From: security () sco com
Date: Tue, 13 May 2003 13:23:52 -0700

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com


                        SCO Security Advisory

Subject:                OpenLinux: mgetty caller ID buffer overflow and spool perm vulnerabilities
Advisory number:        CSSA-2003-021.0
Issue date:             2003 May 13
Cross reference:

1. Problem Description

        mgetty will overflow an internal buffer if the caller name
        reported by the modem is too long.

        The faxspool spooling directory used for outgoing faxes was

2. Vulnerable Supported Versions

        System                          Package

        OpenLinux 3.1.1 Server          prior to mgetty-1.1.22_Aug17-13.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to mgetty-1.1.22_Aug17-13.i386.rpm

3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.

4. OpenLinux 3.1.1 Server

        4.1 Package Location


        4.2 Packages

        be191369c6a4c96ea8bfacfc4e9842ac        mgetty-1.1.22_Aug17-13.i386.rpm

        4.3 Installation

        rpm -Fvh mgetty-1.1.22_Aug17-13.i386.rpm

        4.4 Source Package Location


        4.5 Source Packages

        cff0b40ec866ac025898a0a8c629d29a        mgetty-1.1.22_Aug17-13.src.rpm

5. OpenLinux 3.1.1 Workstation

        5.1 Package Location


        5.2 Packages

        ffe360af815ee57e3f55d29ebdfe8023        mgetty-1.1.22_Aug17-13.i386.rpm

        5.3 Installation

        rpm -Fvh mgetty-1.1.22_Aug17-13.i386.rpm

        5.4 Source Package Location


        5.5 Source Packages

        eeea9f8538004266355c7ff6e2c649d9        mgetty-1.1.22_Aug17-13.src.rpm

6. References

        Specific references for this advisory:


        SCO security resources:


        This security fix closes SCO incidents sr876805, fz527691,

7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


Attachment: _bin
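
Added example, not part of the SCO advisory: a shell check that compares a downloaded package against the MD5 listed in sections 4.2/4.5 and 5.2/5.5 before running the `rpm -Fvh` step. The function names and the `server`/`workstation` platform keys are hypothetical, and `md5sum` (or BSD `md5`) is assumed to be installed.

```shell
#!/bin/sh
# Added example (not SCO's code). Function names are hypothetical.
# Checksums are copied from sections 4.2, 4.5, 5.2 and 5.5 of the advisory.

# advisory_md5 PLATFORM FILENAME: print the MD5 the advisory lists.
# Server and Workstation use identical file names with different checksums,
# so the lookup is keyed on the platform as well as the name.
advisory_md5() {
    case "$1:$2" in
        server:mgetty-1.1.22_Aug17-13.i386.rpm)      echo be191369c6a4c96ea8bfacfc4e9842ac ;;
        server:mgetty-1.1.22_Aug17-13.src.rpm)       echo cff0b40ec866ac025898a0a8c629d29a ;;
        workstation:mgetty-1.1.22_Aug17-13.i386.rpm) echo ffe360af815ee57e3f55d29ebdfe8023 ;;
        workstation:mgetty-1.1.22_Aug17-13.src.rpm)  echo eeea9f8538004266355c7ff6e2c649d9 ;;
        *) return 1 ;;
    esac
}

# file_md5 PATH: print the hex MD5 of a file (GNU md5sum, else BSD md5).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    else
        md5 -q "$1"
    fi
}

# verify_pkg PLATFORM PATH [EXPECTED_MD5]
# Returns 0 on match, 1 on mismatch, 2 when the file or checksum is unknown.
verify_pkg() {
    platform=$1; path=$2; expected=${3:-}
    [ -f "$path" ] || { echo "missing: $path" >&2; return 2; }
    if [ -z "$expected" ]; then
        expected=$(advisory_md5 "$platform" "$(basename "$path")") || {
            echo "no advisory checksum for $platform/$(basename "$path")" >&2
            return 2
        }
    fi
    actual=$(file_md5 "$path") || return 2
    [ "$actual" = "$expected" ] && { echo "OK: $path"; return 0; }
    echo "MISMATCH: $path (expected $expected, got $actual)" >&2
    return 1
}

# Run as: sh verify.sh server ./mgetty-1.1.22_Aug17-13.i386.rpm
# The rpm freshen command from sections 4.3/5.3 runs only after a match.
if [ "$#" -eq 2 ]; then
    verify_pkg "$1" "$2" && rpm -Fvh "$2"
fi
```

A binary package that passes as `server` fails as `workstation` and vice versa, so the platform argument has to match the system being updated.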