CVE-2005-3539 Information
Description
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
Reference
http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719 http://secunia.com/advisories/18314 http://secunia.com/advisories/18337 http://secunia.com/advisories/18366 http://secunia.com/advisories/18489 http://www.debian.org/security/2005/dsa-933 http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml http://www.hylafax.org/content/HylaFAX_4.2.4_release http://www.mandriva.com/security/advisories?name=MDKSA-2006:015 http://www.securityfocus.com/archive/1/420974/100/0/threaded http://www.securityfocus.com/bid/16151 http://www.vupen.com/english/advisories/2006/0072
Share on: