CVE-2005-3069 : xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitr

xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.

Published 2005-09-27 19:03:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-3069

Hylafax » Hylafax » Version: 4.2.1
cpe:2.3:a:hylafax:hylafax:4.2.1:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384

#329384 - hylafax: Temporary file vulnerability in xferfaxstats and other security concerns - Debian Bug report logs
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/14907
http://secunia.com/advisories/17022

About Secunia Research | Flexera
http://www.gentoo.org/security/en/glsa/glsa-200509-21.xml

Hylafax: Insecure temporary file creation in xferfaxstats script (GLSA 200509-21) — Gentoo security
http://secunia.com/advisories/17107

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/17187

About Secunia Research | Flexera
http://www.mandriva.com/security/advisories?name=MDKSA-2005:177

Mandriva

CVEs referencing this url
http://secunia.com/advisories/16906

About Secunia Research | Flexera
http://www.debian.org/security/2005/dsa-865

[SECURITY] [DSA 865-1] New hylafax packages fix insecure temporary files

Jump to