Network Security Audits / Vulnerability Assessments by SecuritySpace

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2003-37
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date : 17 Jun 2003
Last revised           : 17 Jun 2003

Package : mgetty

Summary : Vulnerabilities in mgetty

More information :
    These vulnerabilities allow remote attackers to cause a denial of service and
    possibly execute arbitrary code via a Caller ID string with a long CallerName argument as well as
    allow local users to modify fax transmission privilege.

Impact :
    This may allow remote attackers to cause a denial of service and
    possibly execute arbitrary code via a Caller ID string with a long CallerName argument.
    This allows local users to modify fax transmission privileges.

Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

Solution :
    Please use turbopkg tool to apply the update.

<Turbolinux 8 Server>

   Source Packages
   Size : MD5

   mgetty-1.1.30-2.src.rpm
       988003 78c8f9013135e190ea012ad9f45d3a41

   Binary Packages
   Size : MD5

   mgetty-1.1.30-2.i586.rpm
       207015 e4331df5a7d9043c37d8faf66de963e9
   mgetty-sendfax-1.1.30-2.i586.rpm
       116012 3b1de7feb9dff8fcaf4b99f63bebcf71

<Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   mgetty-1.1.30-2.src.rpm
       988003 4967580ce5438c4e22e93b4393f76835

   Binary Packages
   Size : MD5

   mgetty-1.1.30-2.i586.rpm
       393696 8a8d1377a57014a922e743aad9a54533
   mgetty-sendfax-1.1.30-2.i586.rpm
       115967 75dbcf137d9ade7db2ae982c4fbb406c

<Turbolinux 7 Server>

   Source Packages
   Size : MD5

   mgetty-1.1.30-2.src.rpm
       988003 323f55190a7fb54281411453d666cac1

   Binary Packages
   Size : MD5

   mgetty-1.1.30-2.i586.rpm
       205546 2f5b614996247f94f990bb4ee192b372
   mgetty-sendfax-1.1.30-2.i586.rpm
       118026 b15166f50232b820583f4d6be501ba47

<Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   mgetty-1.1.30-2.src.rpm
       988003 a42c7d040dbc59c64ddf98c5575f0ca2

   Binary Packages
   Size : MD5

   mgetty-1.1.30-2.i586.rpm
       393463 140210b901024cb7a668f225d594c7be
   mgetty-sendfax-1.1.30-2.i586.rpm
       117987 adf097c7888c25a70796bb9b6934b12b

<Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   mgetty-1.1.30-3.src.rpm
       988201 5e02fe47c25f22d92a06dd96c61b2197

   Binary Packages
   Size : MD5

   mgetty-1.1.30-3.i386.rpm
       211366 890ba4fd999bbbe4b35a5a40f755a5e7
   mgetty-sendfax-1.1.30-3.i386.rpm
       120744 8db2127946e2759567917ffb92583e01
   mgetty-viewfax-1.1.30-3.i386.rpm
        57706 a939099e101693cdedad93459bdb6aa2
   mgetty-voice-1.1.30-3.i386.rpm
       357643 a3c960e331f9f6b964ec4d2431b2a6c2

<Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   mgetty-1.1.30-3.src.rpm
       988201 49c05928cd4049662fd085682f1d5dc9

   Binary Packages
   Size : MD5

   mgetty-1.1.30-3.i386.rpm
       211480 71bea7a8dedf975145655d2f22dd7fba
   mgetty-sendfax-1.1.30-3.i386.rpm
       120701 dea9cc9ccf5af0180c225d072d34858c
   mgetty-viewfax-1.1.30-3.i386.rpm
        57697 ab3c397d9f2d7b85f3304596d7e78f7e
   mgetty-voice-1.1.30-3.i386.rpm
       357593 83e839edc34068c991a54f59a8ac7150

<Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   mgetty-1.1.30-3.src.rpm
       988201 5a506b7b7c5ab7bf9ae69e388e83b429

   Binary Packages
   Size : MD5

   mgetty-1.1.30-3.i386.rpm
       211410 10dc715c3f7a4597f36a4eabf7734f81
   mgetty-sendfax-1.1.30-3.i386.rpm
       120749 b7b02bdfb0e81b76bc0e3d961cd360ae

<Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   mgetty-1.1.30-3.src.rpm
       988201 8b61814c6bccadffbe2617502d3226a9

   Binary Packages
   Size : MD5

   mgetty-1.1.30-3.i386.rpm
       211514 ad73e3c41472581c6a25ad7eb1d3c082
   mgetty-sendfax-1.1.30-3.i386.rpm
       120757 5cf98adacd001a4bbf387e5024f21ff3
   mgetty-voice-1.1.30-3.i386.rpm
       357601 a3eb8cc9655895dfe32d28b2fa3ad389

References :

CVE
   [CAN-2002-1391]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1391
   [CAN-2002-1392]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1392

--------------------------------------------------------------------------
Revision History
    17 Jun 2003 Initial release
--------------------------------------------------------------------------

Copyright(C) 2003 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+7upLK0LzjOqIJMwRAis9AJ9n1tL0RcxY+rPR3swnNqIpn/AjDwCeN0m8
QiXJH/j1n1fxm9Evzhuz+rY=
=IEok
-----END PGP SIGNATURE-----