CVE-2005-3539

2005-12-3105:00:00

Debian Security Bug Tracker

security-tracker.debian.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.097 Low

EPSS

Percentile

94.7%

JSON

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.

OSVersionArchitecturePackageVersionFilename
Debian12allhylafax< 2:4.2.4-2hylafax_2:4.2.4-2_all.deb
Debian11allhylafax< 2:4.2.4-2hylafax_2:4.2.4-2_all.deb
Debian10allhylafax< 2:4.2.4-2hylafax_2:4.2.4-2_all.deb
Debian999allhylafax< 2:4.2.4-2hylafax_2:4.2.4-2_all.deb
Debian13allhylafax< 2:4.2.4-2hylafax_2:4.2.4-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	hylafax	< 2:4.2.4-2	hylafax_2:4.2.4-2_all.deb
Debian	11	all	hylafax	< 2:4.2.4-2	hylafax_2:4.2.4-2_all.deb
Debian	10	all	hylafax	< 2:4.2.4-2	hylafax_2:4.2.4-2_all.deb
Debian	999	all	hylafax	< 2:4.2.4-2	hylafax_2:4.2.4-2_all.deb
Debian	13	all	hylafax	< 2:4.2.4-2	hylafax_2:4.2.4-2_all.deb