16 matches found
EUVD-2018-8545
Malware in sbrugna...
RHEL 6 : mgetty (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mgetty: command injection in faxrunq CVE-2018-16741 - mgetty: Stack-based buffer overflow in faxnotifymai...
SUSE CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. Mitigation Make sure the notify option in /etc/mgetty+sendfax/mgetty.config does not contain more than 150...
Command injection
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
Buffer overflow
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...
CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...
UBUNTU-CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...
DEBIAN-CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...
CVE-2018-16744
Summary: CVE-2018-16744 affects mgetty before 1.2.1. In fax_notify_mail() (faxrec.c), the mail_to parameter is not sanitized, and because popen is used, untrusted input could trigger a command injection. The issue is documented across multiple advisories (e.g., Red Hat open/unpatched statuses) an...
CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...