HylaFAX < 4.2.2 RC1 xferfaxstats Symlink Arbitrary File Overwrite

medium Nessus Network Monitor Plugin ID 3236

Synopsis

The fax server creates temporary files in an insecure manner.

Description

The remote host is running HylaFAX, a fax transmission software. It is reported that HylaFAX is prone to a flaw in the way that it creates temporary files. A local attacker exploiting this flaw would be able to gain access to potentially confidential information or use the flaw to escalate their privileges on the machine.

Solution

Upgrade to version 4.2.2 RC1 or higher.

Plugin Details

Severity: Medium

ID: 3236

Family: Generic

Published: 9/22/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:hylafax:hylafax

Reference Information

CVE: CVE-2005-3069, CVE-2005-3070

BID: 14907, 15043

Detections

Analytics