CVE-2018-16741 in Ubuntu

CVE-2018-16741

Priority

Description

An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the
function do_activate() does not properly sanitize shell metacharacters to
prevent command injection. It is possible to use the ||, &&, or >
characters within a file created by the "faxq-helper activate <jobid>"
command.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16741
https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/

Notes

Package

Source: mgetty (LP Ubuntu Debian)

Upstream:	released (1.1.36-2.1+deb8u1, 1.1.36-3+deb9u1)
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	not-affected (1.2.1-1)
Ubuntu 21.10:	not-affected (1.2.1-1)
Ubuntu 22.04 LTS:	not-affected (1.2.1-1)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-25 00:25:01 UTC (commit ecc1009cb19540b950de59270950018900f37f15)