PT-2005-4329 · Hylafax · Hylafax

Patrice Fournier

Published

2005-12-31

Updated

2018-10-19

CVE-2005-3538

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions HylaFAX version 4.2.3

Description The issue allows remote attackers to gain privileges by accepting arbitrary passwords when PAM support is disabled in hfaxd.

Recommendations For HylaFAX version 4.2.3, consider enabling PAM support to prevent the acceptance of arbitrary passwords. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3538

Affected Products

Hylafax

PT-2005-4329 · Hylafax · Hylafax

CVE-2005-3538

Related Identifiers

Affected Products

References · 15