ID CVE-2006-3126
Summary c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.
References
Vulnerable Configurations
  • cpe:2.3:a:julian_pawlowski:capi4hylafax:01.02.03
    cpe:2.3:a:julian_pawlowski:capi4hylafax:01.02.03
CVSS
Base: 7.5 (as of 06-09-2006 - 11:01)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1165.NASL
    description Lionel Elie Mamane discovered a security vulnerability in capi4hylafax, tools for faxing over a CAPI 2.0 device, that allows remote attackers to execute arbitrary commands on the fax receiving system.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22707
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22707
    title Debian DSA-1165-1 : capi4hylafax - missing input sanitising
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200610-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200610-05 (CAPI4Hylafax fax receiver: Execution of arbitrary code) Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Impact : A remote attacker can send null (\\0) and shell metacharacters in the TSI string from an anonymous fax number, leading to the execution of arbitrary code with the rights of the user running c2faxrecv. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 22891
    published 2006-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22891
    title GLSA-200610-05 : CAPI4Hylafax fax receiver: Execution of arbitrary code
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CAPI4HYLAFAX-2378.NASL
    description By using shell meta characters in the sender number remote attackers could execute arbitrary commands. (CVE-2006-3126)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29390
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29390
    title SuSE 10 Security Update : capi4hylafax (ZYPP Patch Number 2378)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CAPI4HYLAFAX-2366.NASL
    description By using shell meta characters in the sender number remote attackers could execute arbitrary commands (CVE-2006-3126).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27170
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27170
    title openSUSE 10 Security Update : capi4hylafax (capi4hylafax-2366)
refmap via4
bid 19801
debian DSA-1165
gentoo GLSA-200610-05
misc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382474
secunia
  • 21722
  • 21726
  • 22450
suse SUSE-SR:2007:004
vupen ADV-2006-3430
Last major update 07-03-2011 - 21:37
Published 05-09-2006 - 20:04
Back to Top