ID CVE-2018-16741
Summary An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1502.NASL
    description Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user. For Debian 8 'Jessie', this problem has been fixed in version 1.1.36-2.1+deb8u1. We recommend that you upgrade your mgetty packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-14
    modified 2018-09-12
    plugin id 117434
    published 2018-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117434
    title Debian DLA-1502-1 : mgetty security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1080.NASL
    description This update for mgetty fixes the following issues : - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752). - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756). - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757). - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762). - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761). This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2018-10-02
    modified 2018-10-01
    plugin id 117855
    published 2018-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117855
    title openSUSE Security Update : mgetty (openSUSE-2018-1080)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4291.NASL
    description Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user.
    last seen 2018-09-14
    modified 2018-09-12
    plugin id 117436
    published 2018-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117436
    title Debian DSA-4291-1 : mgetty - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2979-1.NASL
    description This update for mgetty fixes the following security issues : CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752) CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756) CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757) CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762) CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-04
    modified 2018-10-03
    plugin id 117903
    published 2018-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117903
    title SUSE SLED12 / SLES12 Security Update : mgetty (SUSE-SU-2018:2979-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2850-1.NASL
    description This update for mgetty fixes the following issues : CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752) CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756) CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757) CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762) CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-28
    modified 2018-09-27
    plugin id 117799
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117799
    title SUSE SLES11 Security Update : mgetty (SUSE-SU-2018:2850-1)
refmap via4
debian DSA-4291
misc https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty
mlist [debian-lts-announce] 20180912 [SECURITY] [DLA 1502-1] mgetty security update
Last major update 13-09-2018 - 12:29
Published 13-09-2018 - 12:29
Last modified 13-09-2018 - 12:29
Back to Top