This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
faxcron, recvstats, and xferfaxstats in HylaFax 4.2.1 and earlier
allow local users to overwrite arbitrary files via a symlink attack
on temporary files. (CVE-2005-3069)
In addition, HylaFax has some provisional support for Unix domain
sockets, which is disabled in the default compile configuration. It is
suspected that a local user could create a fake /tmp/hyla.unix socket
and intercept fax traffic via this socket. In testing for this
vulnerability, with CONFIG_UNIXTRANSPORT disabled, it has been found
that client programs correctly exit before sending any data.
The updated packages have been patched to correct these issues.
Update the affected packages.
Risk factor: Low / CVSS Base Score: 3.6