Lucene search
Redhat.comRH:CVE-2018-16744HistorySep 17, 2018 - 5:49 p.m.
CVE-2018-16744
2018-09-1717:49:37
redhat.com
access.redhat.com
8
0.001 Low
EPSS
Percentile
25.0%
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.
Mitigation
Make sure the notify option in /etc/mgetty+sendfax/mgetty.config does not contain characters that can be possibly interpreted by the shell and that the file is readable and writable only by root.
Related
nvd
nvd
CVE-2018-16744
2018-09-13 16:29:00
ubuntucve
ubuntucve
CVE-2018-16744
2018-09-13 00:00:00
prion
prion
Command injection
2018-09-13 16:29:00
debiancve
debiancve
CVE-2018-16744
2018-09-13 16:29:00
cve
cve
CVE-2018-16744
2018-09-13 16:29:00
cvelist
cvelist
CVE-2018-16744
2018-09-13 16:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: mgetty-1.1.37-11.fc29
2019-02-27 03:29:09
[SECURITY] Fedora 28 Update: mgetty-1.1.37-10.fc28
2019-02-27 01:16:25
nessus
nessus
RHEL 5 : mgetty (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 6 : mgetty (Unpatched Vulnerability)
2024-06-03 00:00:00
Fedora 29 : mgetty (2019-da586db907)
2019-02-27 00:00:00
openvas
openvas
Fedora Update for mgetty FEDORA-2019-da586db907
2019-05-07 00:00:00
Huawei EulerOS: Security Advisory for mgetty (EulerOS-SA-2020-2257)
2020-10-30 00:00:00
Huawei EulerOS: Security Advisory for mgetty (EulerOS-SA-2020-2140)
2020-09-29 00:00:00
suse
suse
Security update for mgetty (moderate)
2018-10-12 12:10:55
Security update for mgetty (important)
2018-09-28 21:08:15
zdt
zdt
mgetty 1.2.0 Buffer Overflow / Privilege Escalation Vulnerabilities
2018-09-21 00:00:00
mageia
mageia
Updated mgetty packages fix security vulnerabilities
2018-10-19 21:00:37
rosalinux
rosalinux
Advisory ROSA-SA-2021-1919
2021-07-02 17:29:39