Apple Not Affected

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Not Affected

Vendor Statement

Mac OS X does not contain mgetty, and is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

BSDI Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Caldera Affected

Notified:  January 10, 2001 Updated: September 13, 2001

Status

Affected

Vendor Statement

http://www.caldera.com/support/security/advisories/CSSA-2001-002.0.txt

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Not Affected

Notified:  September 18, 2001 Updated: September 27, 2001

Status

Not Affected

Vendor Statement

Cray, Inc. does not provide mgetty with its operating system software so we are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data General Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian Affected

Notified:  March 06, 2001 Updated: September 13, 2001

Status

Affected

Vendor Statement

http://lists.debian.org/debian-security-announce/debian-security-announce-2001/msg00000.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

DEC Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD Affected

Notified:  September 20, 2000 Updated: September 13, 2001

Status

Affected

Vendor Statement

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:71.mgetty.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

HP Not Affected

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Not Affected

Vendor Statement

HP-UX is not effected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Not Affected

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Not Affected

Vendor Statement

IBM's AIX operating system does not include mgetty and the faxrunq service, so AIX is not vulnerable to the exploit described.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Immunix Affected

Notified:  January 10, 2001 Updated: September 13, 2001

Status

Affected

Vendor Statement

http://www.linuxsecurity.com/advisories/other_advisory-1034.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft Affected

Notified:  January 10, 2001 Updated: September 13, 2001

Status

Affected

Vendor Statement

http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-009.php3?dis=6.1

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD Not Affected

Notified:  September 18, 2001 Updated: November 08, 2001

Status

Not Affected

Vendor Statement

NetBSD does not ship with mgetty as part of the base distribution, but it is available as an optional third-party package. We did distribute a package with a vulnerable version (less that 1.1.22). We do not intend to release a specific vulnerability notice, but we do have other means of notifying users of our third party packages about vulnerabilities in said packages (the "audit-packages" system).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NeXT Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Not Affected

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Not Affected

Vendor Statement

OpenBSD does not use mgetty.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

RedHat Affected

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Affected

Vendor Statement

http://www.redhat.com/support/errata/RHSA-2001-050.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SCO Not Affected

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Not Affected

Vendor Statement

Caldera's UNIX products (OpenServer, UnixWare, Open Unix) do not ship mgetty.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys Unknown

Notified:  September 18, 2001 Updated: September 20, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

View all 25 vendors View less vendors