CVE-2006-1231

Name of the Vulnerable Software and Affected Versions CAPI4HylaFAX version 1.3

Description The issue allows local users to modify arbitrary files via a symlink attack on the c2faxrecv dbgdatafile.sff temporary file when CAPI4HylaFAX is compiled with GENERATE DEBUGSFFDATAFILE set.

Recommendations For CAPI4HylaFAX version 1.3, as a temporary workaround, consider disabling the compilation with GENERATE DEBUGSFFDATAFILE set until a patch is available. Restrict access to the temporary file c2faxrecv dbgdatafile.sff to minimize the risk of exploitation.