First published: Thu Sep 13 2018(Updated: )
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/mgetty | 1.2.1-1 1.2.1-1.1 1.2.1-1.2 | |
Mgetty Project Mgetty | <1.2.1 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.