Vulnerabilities > CVE-2007-2839 - Local Arbitrary Command Execution vulnerability in Debian Gfax 0.4.2

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
debian
nessus
exploit available
NVD
Published: 2007-07-05
Updated: 2017-07-29

Summary

gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Debian
2

Exploit-Db

descriptionGFax 0.7.6 Temporary Files Local Arbitrary Command Execution Vulnerability. CVE-2007-2839. Local exploit for linux platform
idEDB-ID:30280
last seen2016-02-03
modified2007-07-05
published2007-07-05
reporterSteve Kemp
sourcehttps://www.exploit-db.com/download/30280/
titleGFax 0.7.6 Temporary Files Local Arbitrary Command Execution Vulnerability

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-1329.NASL
descriptionSteve Kemp from the Debian Security Audit project discovered that gfax, a GNOME frontend for fax programs, uses temporary files in an unsafe manner which may be exploited to execute arbitrary commands with the privileges of the root user.
last seen2020-06-01
modified2020-06-02
plugin id25676
published2007-07-10
reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/25676
titleDebian DSA-1329-1 : gfax - insecure temporary files

References