PT-2002-1215 · Efax · Efax

Published

2002-03-15

Updated

2016-10-18

CVE-2002-0129

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions efax versions 0.9 and earlier

Description The issue allows local users to read arbitrary files when the software is installed setuid root. This is achieved via the -d option, which prints the contents of the file in a warning message.

Recommendations For efax versions 0.9 and earlier, consider removing the setuid root installation to prevent exploitation until a patch is available. As a temporary workaround, restrict access to the -d option to minimize the risk of arbitrary file reading.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

AZL-36937

AZL-7197

CVE-2002-0129

Affected Products

Efax

PT-2002-1215 · Efax · Efax

CVE-2002-0129

Related Identifiers

Affected Products

References · 7