Vulnerabilities > CVE-2005-3069 - Unspecified vulnerability in Hylafax 4.2.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-865.NASL description Javier Fernandez-Sanguino Pena discovered that several scripts of the hylafax suite, a flexible client/server fax software, create temporary files and directories in an insecure fashion, leaving them vulnerable to symlink exploits. last seen 2020-06-01 modified 2020-06-02 plugin id 20020 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20020 title Debian DSA-865-1 : hylafax - insecure temporary files NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-21.NASL description The remote host is affected by the vulnerability described in GLSA-200509-21 (Hylafax: Insecure temporary file creation in xferfaxstats script) Javier Fernandez-Sanguino has discovered that xferfaxstats cron script supplied by Hylafax insecurely creates temporary files with predictable filenames. Impact : A local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When the xferfaxstats script of Hylafax is executed, this would result in the file being overwritten with the rights of the user running the script, which typically is the root user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19820 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19820 title GLSA-200509-21 : Hylafax: Insecure temporary file creation in xferfaxstats script NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-177.NASL description faxcron, recvstats, and xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. (CVE-2005-3069) In addition, HylaFax has some provisional support for Unix domain sockets, which is disabled in the default compile configuration. It is suspected that a local user could create a fake /tmp/hyla.unix socket and intercept fax traffic via this socket. In testing for this vulnerability, with CONFIG_UNIXTRANSPORT disabled, it has been found that client programs correctly exit before sending any data. (CVE-2005-3070) The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19985 published 2005-10-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19985 title Mandrake Linux Security Advisory : hylafax (MDKSA-2005:177)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384
- http://secunia.com/advisories/16906
- http://secunia.com/advisories/17022
- http://secunia.com/advisories/17107
- http://secunia.com/advisories/17187
- http://www.debian.org/security/2005/dsa-865
- http://www.gentoo.org/security/en/glsa/glsa-200509-21.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:177
- http://www.securityfocus.com/bid/14907