CVE-2018-16741

Sažetak

An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.

Reference

https://lists.debian.org/debian-lts-announce/2018/09/msg00012.html
https://www.debian.org/security/2018/dsa-4291
https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-10-2019 - 00:03

Objavljeno

13-09-2018 - 16:29