Vulnerability CVE-2018-16741
Published: 2018-09-13

Description:
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.

Type:

CWE-78

 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Debian -> Debian linux 

 References:
https://lists.debian.org/debian-lts-announce/2018/09/msg00012.html
https://www.debian.org/security/2018/dsa-4291
https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty
Copyright 2024, cxsecurity.com

 

Back to Top