CAPI4HylaFAX Insecure Temporary File Creation Vulnerability
BID:17034
Info
CAPI4HylaFAX Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 17034 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 08 2006 12:00AM |
| Updated: | Mar 11 2006 12:05AM |
| Credit: | Javor Ninov <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
Julian Pawlowski CAPI4HylaFAX 1.3 |
| Not Vulnerable: | |
Discussion
CAPI4HylaFAX Insecure Temporary File Creation Vulnerability
CAPI4HylaFAX creates temporary files in an insecure manner. This may allow a local attacker to perform symbolic-link attacks.
Successful exploits may result in sensitive data or configuration files being overwritten. This may result in a denial of service; other attacks may also be possible.
CAPI4HylaFAX creates temporary files in an insecure manner. This may allow a local attacker to perform symbolic-link attacks.
Successful exploits may result in sensitive data or configuration files being overwritten. This may result in a denial of service; other attacks may also be possible.
Exploit / POC
CAPI4HylaFAX Insecure Temporary File Creation Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
CAPI4HylaFAX Insecure Temporary File Creation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
CAPI4HylaFAX Insecure Temporary File Creation Vulnerability
References:
References:
- CAPI4HylaFAX Home Page (CAPI4HylaFAX)
- Hylafax Web Site (Hylafax)
- capi4hylafax insecure manipulation with tmp files (Javor Ninov
)