Detections
Analytics

CVE-2005-3539

critical

Description

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.

References

http://www.vupen.com/english/advisories/2006/0072

http://www.securityfocus.com/archive/1/420974/100/0/threaded

http://www.mandriva.com/security/advisories?name=MDKSA-2006:015

http://www.hylafax.org/content/HylaFAX_4.2.4_release

http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml

http://www.debian.org/security/2005/dsa-933

http://secunia.com/advisories/18489

http://secunia.com/advisories/18366

http://secunia.com/advisories/18337

http://secunia.com/advisories/18314

http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719

Details

Source: Mitre, NVD

Published: 2005-12-31

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical