Your submission was sent successfully! Close

CVE-2018-16741

Published: 13 September 2018

An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
mgetty
Launchpad, Ubuntu, Debian
bionic Needed

cosmic Ignored
(reached end-of-life)
disco Not vulnerable
(1.2.1-1)
eoan Not vulnerable
(1.2.1-1)
focal Not vulnerable
(1.2.1-1)
groovy Not vulnerable
(1.2.1-1)
hirsute Not vulnerable
(1.2.1-1)
impish Not vulnerable
(1.2.1-1)
jammy Not vulnerable
(1.2.1-1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1.1.36-2.1+deb8u1, 1.1.36-3+deb9u1)
xenial
Released (1.1.36-2.1+deb8u1build0.16.04.1)