HylaFAX < 4.2.2 RC1 xferfaxstats Symlink Arbitrary File Overwrite

Low Nessus Network Monitor Plugin ID 3236

Synopsis

The fax server creates temporary files in an insecure manner.

Description

The remote host is running HylaFAX, a fax transmission software. It is reported that HylaFAX is prone to a flaw in the way that it creates temporary files. A local attacker exploiting this flaw would be able to gain access to potentially confidential information or use the flaw to escalate their privileges on the machine.

Solution

Upgrade to version 4.2.2 RC1 or higher.

Plugin Details

Severity: Low

ID: 3236

File Name: 3236.prm

Family: Generic

Published: 2005/09/22

Modified: 2016/11/23

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:ND

CVSSv3

Base Score: 3.9

Temporal Score: 3.7

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:X

Reference Information

CVE: CVE-2005-3069, CVE-2005-3070

BID: 14907, 15043

OSVDB: 19596