Vulnerabilities > CVE-2001-0141 - Unspecified vulnerability in Gert Doering Mgetty 1.1.22
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-011.NASL description Immunix reports that mgetty does not create temporary files in a secure manner, which could lead to a symlink attack. This has been corrected in mgetty 1.1.21-3potato1 last seen 2020-06-01 modified 2020-06-02 plugin id 14848 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14848 title Debian DSA-011-2 : mgetty - insecure tempfile handling code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-011. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14848); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2001-0141"); script_bugtraq_id(2187); script_xref(name:"DSA", value:"011"); script_name(english:"Debian DSA-011-2 : mgetty - insecure tempfile handling"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Immunix reports that mgetty does not create temporary files in a secure manner, which could lead to a symlink attack. This has been corrected in mgetty 1.1.21-3potato1" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2001/dsa-011" ); script_set_attribute( attribute:"solution", value:"Upgrade the mgetty package immediately." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mgetty"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"mgetty", reference:"1.1.21-3potato1")) flag++; if (deb_check(release:"2.2", prefix:"mgetty-docs", reference:"1.1.21-3potato1")) flag++; if (deb_check(release:"2.2", prefix:"mgetty-fax", reference:"1.1.21-3potato1")) flag++; if (deb_check(release:"2.2", prefix:"mgetty-viewfax", reference:"1.1.21-3potato1")) flag++; if (deb_check(release:"2.2", prefix:"mgetty-voice", reference:"1.1.21-3potato1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:deb_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2001-009.NASL description WireX discovered a potential temporary file race condition in the mgetty program. All versions of mgetty prior to 1.1.24 are vulnerable. last seen 2020-06-01 modified 2020-06-02 plugin id 61883 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61883 title Mandrake Linux Security Advisory : mgetty (MDKSA-2001:009) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2001:009. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(61883); script_version("1.5"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2001-0141"); script_xref(name:"MDKSA", value:"2001:009"); script_name(english:"Mandrake Linux Security Advisory : mgetty (MDKSA-2001:009)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "WireX discovered a potential temporary file race condition in the mgetty program. All versions of mgetty prior to 1.1.24 are vulnerable." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mgetty"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mgetty-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mgetty-sendfax"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mgetty-viewfax"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mgetty-voice"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"mgetty-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"mgetty-contrib-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"mgetty-sendfax-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"mgetty-viewfax-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"mgetty-voice-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"mgetty-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"mgetty-contrib-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"mgetty-sendfax-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"mgetty-viewfax-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"mgetty-voice-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"mgetty-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"mgetty-contrib-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"mgetty-sendfax-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"mgetty-viewfax-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"mgetty-voice-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"mgetty-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"mgetty-contrib-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"mgetty-sendfax-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"mgetty-viewfax-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"mgetty-voice-1.1.24-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"mgetty-1.1.24-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"mgetty-contrib-1.1.24-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"mgetty-sendfax-1.1.24-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"mgetty-viewfax-1.1.24-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"mgetty-voice-1.1.24-1.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Redhat
| advisories |
|
References
- http://marc.info/?l=bugtraq&m=97916374410647&w=2
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-002.0.txt
- http://www.debian.org/security/2001/dsa-011
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-009.php3
- http://www.redhat.com/support/errata/RHSA-2001-050.html
- http://www.securityfocus.com/bid/2187
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5918