An issue exists in mgetty prior to 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
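A defensive check for this class of flaw, as an added example that is not mgetty's code or its patch: instead of deny-listing only `||`, `&&` and `>`, it generalizes to an allow-list and rejects any job-file line containing a character outside it before the file is handed to anything that invokes a shell. The allow-list, the function names and the sample field names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the characters a job-file value legitimately needs.
 * Everything else, including the |, & and > named in the advisory,
 * is rejected. */
static const char ALLOWED[] =
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789 ._-+/@:,=";

/* Return 1 if every byte of line[0..len) is on the allow-list, else 0. */
int line_is_safe(const char *line, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (line[i] == '\0' || strchr(ALLOWED, line[i]) == NULL)
            return 0;
    return 1;
}

/* Scan a whole job-file buffer. Return 0 if all lines are safe,
 * otherwise the 1-based number of the first rejected line. */
int first_unsafe_line(const char *buf)
{
    int lineno = 1;
    while (*buf) {
        size_t len = strcspn(buf, "\n");   /* length of current line */
        if (!line_is_safe(buf, len))
            return lineno;
        buf += len;
        if (*buf == '\n')
            buf++;
        lineno++;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample job files; field names are illustrative. */
    const char *ok  = "phone 5551234\nuser alice\npages f1.g3 f2.g3\n";
    const char *bad = "phone 5551234\nuser alice || true\n";
    printf("ok:  first unsafe line = %d\n", first_unsafe_line(ok));
    printf("bad: first unsafe line = %d\n", first_unsafe_line(bad));
    return 0;
}
```

A caller would refuse to queue the job when `first_unsafe_line()` returns non-zero; passing arguments with `execv()` rather than through a shell removes the need to interpret metacharacters at all.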
Vulnerable Product |
---|
mgetty project mgetty |
debian debian linux 9.0 |
debian debian linux 8.0 |