PT-2018-13921 · Hylafax+1 · Hylafax+1

Eric Sesterhenn +2 · Published 2018-09-20 · Updated 2024-06-15 · CVE-2018-17141

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
HylaFAX version 6.0.6
HylaFAX+ version 5.6.0

Description
The issue allows remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled. This is mishandled in the FaxModem::writeECMData() function in the faxd/CopyQuality.c++ file.

Recommendations
For HylaFAX version 6.0.6, consider disabling the FaxModem::writeECMData() function until a patch is available. For HylaFAX+ version 5.6.0, restrict access to the faxd/CopyQuality.c++ file to minimize the risk of exploitation.

Exploit · Fix · RCE · Memory Corruption · Access of Uninitialized Pointer

Weakness Enumeration

Related Identifiers

CVE-2018-17141
DLA-1515-1
DSA-4298-1
MGASA-2018-0456
OPENSUSE-SU-2018_2797-1
OPENSUSE-SU-2024:10852-1

Affected Products

Hylafax
Suse