Download
| Alert*
|
oval:org.secpod.oval:def:2001041
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow. oval:org.secpod.oval:def:89043825 This update for mgetty fixes the following security issues: - CVE-2018-16741: The function do_activate did not properly sanitize shell metacharacters to prevent command injection - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached ... oval:org.secpod.oval:def:89002530 This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate did not properly sanitize shell metacharacters to prevent command injection - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it - CVE ... oval:org.secpod.oval:def:89049651 This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate did not properly sanitize shell metacharacters to prevent command injection . - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it . - C ... |
