Описание
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate " command.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | 1.2.1-1 |
| disco | not-affected | 1.2.1-1 |
| eoan | not-affected | 1.2.1-1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 1.2.1-1 |
| esm-apps/jammy | not-affected | 1.2.1-1 |
| esm-apps/noble | not-affected | 1.2.1-1 |
| esm-apps/xenial | released | 1.1.36-2.1+deb8u1build0.16.04.1 |
Показывать по
EPSS
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, ...
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
Уязвимость функции do_activate() пакета mgetty, позволяющая нарушителю выполнить произвольные команды
EPSS
7.2 High
CVSS2
7.8 High
CVSS3