Vulnerability Details CVE-2018-16741
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://lists.debian.org/debian-lts-announce/2018/09/msg00012.html
- https://www.debian.org/security/2018/dsa-4291
- https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty
- https://lists.debian.org/debian-lts-announce/2018/09/msg00012.html
- https://www.debian.org/security/2018/dsa-4291
- https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty
Products affected by CVE-2018-16741
-
cpe:2.3:a:mgetty_project:mgetty:-
-
cpe:2.3:a:mgetty_project:mgetty:1.1.28
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0