Description
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stan Bubrouski · textlocalunix
https://www.exploit-db.com/exploits/20179
References (4)
Core 4
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1612
Third Party Advisory x_refsource_confirm
http://archives.neohapsis.com/archives/bugtraq/2000-08/0330.html
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0329.html
Patch, Vendor Advisory vendor-advisory
x_refsource_caldera
http://www.calderasystems.com/support/security/advisories/CSSA-2000-029.0.txt
Scores
EPSS
0.0053
EPSS Percentile
67.3%
Details
Status
published
Products (3)
gert_doering/mgetty
1.1.19
gert_doering/mgetty
1.1.20
gert_doering/mgetty
1.1.21
Published
Oct 20, 2000
Tracked Since
Feb 18, 2026