HylaFAX < 4.2.2 RC1 xferfaxstats Symlink Arbitrary File Overwrite

Low Nessus Network Monitor Plugin ID 3236


The fax server creates temporary files in an insecure manner.


The remote host is running HylaFAX, a fax transmission software. It is reported that HylaFAX is prone to a flaw in the way that it creates temporary files. A local attacker exploiting this flaw would be able to gain access to potentially confidential information or use the flaw to escalate their privileges on the machine.


Upgrade to version 4.2.2 RC1 or higher.

Plugin Details

Severity: Low

ID: 3236

File Name: 3236.prm

Family: Generic

Published: 2005/09/22

Modified: 2016/11/23

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:ND


Base Score: 3.9

Temporal Score: 3.7


Temporal Vector: CVSS3#E:H/RL:O/RC:X

Reference Information

CVE: CVE-2005-3069, CVE-2005-3070

BID: 14907, 15043

OSVDB: 19596