Lucene search

[email protected]CVE-2005-3070

HistorySep 27, 2005 - 7:03 p.m.

CVE-2005-3070

2005-09-2719:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

hylafax

4.2.1

vulnerability

unix socket

denial of service

nvd

6.5 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.

CPENameOperatorVersion
hylafax:hylafaxhylafaxle4.2.1

CPE	Name	Operator	Version
hylafax:hylafax	hylafax	le	4.2.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384

secunia.com/advisories/17107

www.mandriva.com/security/advisories?name=MDKSA-2005:177

www.securityfocus.com/bid/15043

6.5 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2005-3070

debiancve1 ubuntucve1 nessus1