cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mgetty | Gert_doering | * | 1.1.28 (including) |