Candidate: CVE-2018-16741
PublicDate: 2018-09-13 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16741
 https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
Description:
 An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the
 function do_activate() does not properly sanitize shell metacharacters to
 prevent command injection. It is possible to use the ||, &&, or >
 characters within a file created by the "faxq-helper activate <jobid>"
 command.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_mgetty:
upstream_mgetty: released (1.1.36-2.1+deb8u1, 1.1.36-3+deb9u1)
precise/esm_mgetty: DNE
trusty_mgetty: ignored (reached end-of-life)
trusty/esm_mgetty: DNE (trusty was needed)
xenial_mgetty: released (1.1.36-2.1+deb8u1build0.16.04.1)
bionic_mgetty: needed
cosmic_mgetty: ignored (reached end-of-life)
disco_mgetty: not-affected (1.2.1-1)
eoan_mgetty: not-affected (1.2.1-1)
focal_mgetty: not-affected (1.2.1-1)
groovy_mgetty: not-affected (1.2.1-1)
hirsute_mgetty: not-affected (1.2.1-1)
impish_mgetty: not-affected (1.2.1-1)
jammy_mgetty: not-affected (1.2.1-1)
devel_mgetty: not-affected (1.2.1-1)