Arbitrary Command Execution in mgetty 1.1.28 and Earlier

Arbitrary Command Execution in mgetty 1.1.28 and Earlier

CVE-2003-0516 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.

Learn more about our Web Application Penetration Testing UK.