CVE-2003-0516

cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.

Published: Aug 18, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0516
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
gert_doering / mgetty	-	1.1.28.x

ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz

Vulnerability Database

291,049

CVE-2003-0516