Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
mgetty 安全漏洞
Vulnerability Description
mgetty是一款getty的替代程序,用于数据和传真操作。 mgetty 1.2.1之前版本中存在安全漏洞,该漏洞源于在fax/faxq-helper.c文件中,‘do_activate()’函数没有正确的过滤shell元字符。攻击者可借助shell元字符利用该漏洞注入命令,并以faxrunq/faxq用户权限执行该命令。
CVSS Information
N/A
Vulnerability Type
N/A