Description
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.
Mitigation
Make sure the notify option in /etc/mgetty+sendfax/mgetty.config does not contain characters that could be interpreted by the shell, and that the file is readable and writable only by root.
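One way to check both conditions of this mitigation on a host, as an added example that is not part of the advisory or of mgetty. The character allowlist, the accepted modes (600 or 400) and the function names are assumptions chosen to be conservative; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit the notify mitigation for mgetty.config.
# The character allowlist is a conservative assumption, not mgetty's own rule.

# Return 0 only if the value has no character the shell could interpret.
notify_value_is_safe() {
    case "$1" in
        ''|-*) return 1 ;;                 # empty, or could be parsed as an option
        *[!A-Za-z0-9@._+-]*) return 1 ;;   # anything outside the allowlist
        *) return 0 ;;
    esac
}

# Return 0 if an octal mode (as printed by stat) gives group/other nothing.
mode_is_owner_only() {
    case "$1" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each unsafe notify value found in the file; return 1 if any exist.
audit_notify_lines() {
    file=$1
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f       # split on whitespace, no globbing
        [ "$1" = "notify" ] || continue    # comments and other keywords skipped
        shift
        if ! notify_value_is_safe "$*"; then
            printf 'unsafe notify value: %s\n' "$*"
            bad=1
        fi
    done < "$file"
    return "$bad"
}

# Stand-alone run against the path named in the mitigation text.
cfg=/etc/mgetty+sendfax/mgetty.config
if [ -f "$cfg" ]; then
    set -- $(stat -c '%u %a' "$cfg")       # GNU stat: owner uid and octal mode
    { [ "$1" = 0 ] && mode_is_owner_only "$2"; } ||
        echo "$cfg: expected root-owned mode 600, got uid=$1 mode=$2"
    audit_notify_lines "$cfg" || echo "$cfg: review the notify setting"
fi
```

A notify line with a trailing comment or several space-separated addresses is also reported, since whitespace is outside the allowlist; review such lines by hand.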
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | mgetty | Will not fix | | |
| Red Hat Enterprise Linux 6 | mgetty | Will not fix | | |
| Red Hat Enterprise Linux 7 | mgetty | Fix deferred | | |
Additional information
Status:
CVSS3: 4.1 Medium