Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3539

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3539
Last Modified 07 Mar 2011 09:26:45
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3539

Summary

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.

Vulnerable Systems

Application

  • Hylafax 4.1.1

  • Hylafax 4.2

  • Hylafax 4.2.1

  • Hylafax 4.2.2

  • Hylafax 4.2.3


References

BID - 16151

GENTOO - GLSA-200601-03

SECUNIA - 18337

SECUNIA - 18314

VUPEN - ADV-2006-0072

BUGTRAQ - 20060105 HylaFAX Security advisory - fixed in HylaFAX 4.2.4

CONFIRM - http://www.hylafax.org/content/HylaFAX_4.2.4_release

MISC - http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719

MANDRIVA - MDKSA-2006:015

DEBIAN - DSA-933

SECUNIA - 18489

SECUNIA - 18366


Last Updated: 27 May 2016 10:40:57