
mgetty buffer overflow and permissions problem
9th Apr 2003 [SBWID-6123]
COMMAND

	mgetty buffer overflow and permissions problem

SYSTEMS AFFECTED

	all versions prior to 1.1.29

PROBLEM

	In Red Hat Security Advisory RHSA-2003:036-01:
	
	mgetty is a getty replacement for use with data and fax modems.
	
	mgetty can be configured to run an external program to decide whether
	or not to answer an incoming call based on Caller ID information.
	Unpatched versions of mgetty prior to 1.1.29 would overflow an internal
	buffer if the caller name reported by the modem was too long.
	
	Additionally, the faxspool script supplied with versions of mgetty
	prior to 1.1.29 used a simple permissions scheme to allow or deny fax
	transmission privileges. This scheme was easily circumvented because
	the spooling directory used for outgoing faxes was world-writable.
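
The first issue above is a fixed-size buffer filled with a string whose length the remote caller controls. As an added illustration (not mgetty's code and not part of the advisory), this C routine parses a Caller ID name line with an explicit length check before copying; the `NAME = ...` line format, the 32-byte field size and the function name `cid_parse_name` are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CID_NAME_MAX 32 /* assumed field size, not taken from mgetty */

/* Unsafe pattern, for contrast only: strcpy(name, value) into a
 * char name[CID_NAME_MAX] lets the remote caller pick the copy length. */

/* Extract the value of a "NAME = ..." line into out[outsz].
 * Returns 0 on success, -1 if this is not a NAME line, -2 if the value
 * does not fit (rejected, never truncated silently), -3 if it contains
 * non-printable bytes. out is left empty on every failure. */
int cid_parse_name(const char *line, char *out, size_t outsz)
{
    const char *p = line;
    size_t len, i;

    if (line == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (strncmp(p, "NAME", 4) != 0)
        return -1;
    p += 4;
    while (*p == ' ') p++;
    if (*p++ != '=')
        return -1;
    while (*p == ' ') p++;

    len = strcspn(p, "\r\n");            /* stop at the line ending */
    while (len > 0 && p[len - 1] == ' ') /* trim trailing blanks */
        len--;
    if (len >= outsz)                    /* need room for the NUL */
        return -2;
    for (i = 0; i < len; i++)
        if (!isprint((unsigned char)p[i]))
            return -3;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not captured from a real modem. */
    const char *lines[] = { "NAME = JOHN DOE\r\n", "NMBR = 5551234\r\n" };
    char name[CID_NAME_MAX];
    for (size_t i = 0; i < 2; i++)
        printf("%d \"%s\"\n", cid_parse_name(lines[i], name, sizeof name), name);
    return 0;
}
```

A caller that receives -2 or -3 can treat the name as unknown before handing anything to the external Caller ID program.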
	
	

SOLUTION

	Upgrade to mgetty 1.1.30
