Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:177 (hylafax)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.55552

Kategorie: Mandrake Local Security Checks

Titel: Mandrake Security Advisory MDKSA-2005:177 (hylafax)

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing an update to hylafax
announced via advisory MDKSA-2005:177.

faxcron, recvstats, and xferfaxstats in HylaFax 4.2.1 and earlier
allows local users to overwrite arbitrary files via a symlink attack
on temporary files. (CVE-2005-3069)

In addition, HylaFax has some provisional support for Unix domain
sockets, which is disabled in the default compile configuration. It is
suspected that a local user could create a fake /tmp/hyla.unix socket
and intercept fax traffic via this socket. In testing for this
vulnerability, with CONFIG_UNIXTRANSPORT disabled, it has been found
that client programs correctly exit before sending any data.
(CVE-2005-3070)

The updated packages have been patched to correct these issues.

Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0,
Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:177

Risk factor : Medium

CVSS Score:
3.6

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-3069
BugTraq ID: 14907
http://www.securityfocus.com/bid/14907
Debian Security Information: DSA-865 (Google Search)
http://www.debian.org/security/2005/dsa-865
http://www.gentoo.org/security/en/glsa/glsa-200509-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:177
http://secunia.com/advisories/16906
http://secunia.com/advisories/17022
http://secunia.com/advisories/17107
http://secunia.com/advisories/17187
Common Vulnerability Exposure (CVE) ID: CVE-2005-3070
BugTraq ID: 15043
http://www.securityfocus.com/bid/15043
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.55552
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2005:177 (hylafax)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to hylafax announced via advisory MDKSA-2005:177. faxcron, recvstats, and xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. (CVE-2005-3069) In addition, HylaFax has some provisional support for Unix domain sockets, which is disabled in the default compile configuration. It is suspected that a local user could create a fake /tmp/hyla.unix socket and intercept fax traffic via this socket. In testing for this vulnerability, with CONFIG_UNIXTRANSPORT disabled, it has been found that client programs correctly exit before sending any data. (CVE-2005-3070) The updated packages have been patched to correct these issues. Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:177 Risk factor : Medium CVSS Score: 3.6
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3069 BugTraq ID: 14907 http://www.securityfocus.com/bid/14907 Debian Security Information: DSA-865 (Google Search) http://www.debian.org/security/2005/dsa-865 http://www.gentoo.org/security/en/glsa/glsa-200509-21.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:177 http://secunia.com/advisories/16906 http://secunia.com/advisories/17022 http://secunia.com/advisories/17107 http://secunia.com/advisories/17187 Common Vulnerability Exposure (CVE) ID: CVE-2005-3070 BugTraq ID: 15043 http://www.securityfocus.com/bid/15043 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com