CVE-2000-0691

mgetty - Arbitrary File Write via Symlink Attack in faxrunq and faxrunqd

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0691. PoCs published by Stan Bubrouski.

AI-analyzed exploit summary This exploit leverages a symbolic link vulnerability in mgetty's faxrunq and faxrunqd programs to create or overwrite arbitrary files, potentially leading to local root compromise. The PoC demonstrates how a local attacker can manipulate the .last_run file in /var/spool/fax/outgoing to achieve this.

Description

The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stan Bubrouski · textlocalunix
https://www.exploit-db.com/exploits/20179

This exploit leverages a symbolic link vulnerability in mgetty's faxrunq and faxrunqd programs to create or overwrite arbitrary files, potentially leading to local root compromise. The PoC demonstrates how a local attacker can manipulate the .last_run file in /var/spool/fax/outgoing to achieve this.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: mgetty (faxrunq and faxrunqd programs)
No auth needed
Prerequisites: Local access to the system · mgetty installed with faxrunq or faxrunqd · Write permissions to /var/spool/fax/outgoing
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1612
Third Party Advisory x_refsource_confirm
http://archives.neohapsis.com/archives/bugtraq/2000-08/0330.html
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0329.html
Patch, Vendor Advisory vendor-advisory x_refsource_caldera
http://www.calderasystems.com/support/security/advisories/CSSA-2000-029.0.txt

Scores

EPSS 0.0092
EPSS Percentile 55.5%

Details

Status published
Products (3)
gert_doering/mgetty 1.1.19
gert_doering/mgetty 1.1.20
gert_doering/mgetty 1.1.21
Published Oct 20, 2000
Tracked Since Feb 18, 2026