cnd.c in mgetty 1.1.28 and previous versions does not properly filter non-printable characters and quotes, which may allow remote malicious users to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gert doering mgetty |