Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200610-05] CAPI4Hylafax fax receiver: Execution of arbitrary code Vulnerability Scan
Vulnerability Scan Summary: CAPI4Hylafax fax receiver: Execution of arbitrary code
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200610-05
(CAPI4Hylafax fax receiver: Execution of arbitrary code)
Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't
properly sanitize TSI strings when handling incoming calls.
Impact
A remote attacker can send null (\0) and shell metacharacters in the
TSI string from an anonymous fax number, leading to the execution of
arbitrary code with the rights of the user running c2faxrecv.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3126
Solution:
All CAPI4Hylafax users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/capi4hylafax-01.03.00.99.300.3-r1"
Threat Level: High