CVE-2005-3538

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-3538
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719 Patch
http://secunia.com/advisories/18314 Patch Vendor Advisory
http://secunia.com/advisories/18337 Patch Vendor Advisory
http://secunia.com/advisories/18489
http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml Patch
http://www.hylafax.org/archive/2005-12/msg00119.php
http://www.hylafax.org/content/HylaFAX_4.2.4_release
http://www.mandriva.com/security/advisories?name=MDKSA-2006:015
http://www.securityfocus.com/archive/1/420974/100/0/threaded
http://www.securityfocus.com/bid/16150 Patch
http://www.vupen.com/english/advisories/2006/0072
http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719 Patch
http://secunia.com/advisories/18314 Patch Vendor Advisory
http://secunia.com/advisories/18337 Patch Vendor Advisory
http://secunia.com/advisories/18489
http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml Patch
http://www.hylafax.org/archive/2005-12/msg00119.php
http://www.hylafax.org/content/HylaFAX_4.2.4_release
http://www.mandriva.com/security/advisories?name=MDKSA-2006:015
http://www.securityfocus.com/archive/1/420974/100/0/threaded
http://www.securityfocus.com/bid/16150 Patch
http://www.vupen.com/english/advisories/2006/0072
Configurations

Configuration 1 (hide)

cpe:2.3:a:ifax_solutions:hylafax:4.2.3:*:*:*:*:*:*:*
History

21 Nov 2024, 00:02

Type Values Removed Values Added
References () http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719 - Patch () http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719 - Patch
References () http://secunia.com/advisories/18314 - Patch, Vendor Advisory () http://secunia.com/advisories/18314 - Patch, Vendor Advisory
References () http://secunia.com/advisories/18337 - Patch, Vendor Advisory () http://secunia.com/advisories/18337 - Patch, Vendor Advisory
References () http://secunia.com/advisories/18489 - () http://secunia.com/advisories/18489 -
References () http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml - Patch () http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml - Patch
References () http://www.hylafax.org/archive/2005-12/msg00119.php - () http://www.hylafax.org/archive/2005-12/msg00119.php -
References () http://www.hylafax.org/content/HylaFAX_4.2.4_release - () http://www.hylafax.org/content/HylaFAX_4.2.4_release -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2006:015 - () http://www.mandriva.com/security/advisories?name=MDKSA-2006:015 -
References () http://www.securityfocus.com/archive/1/420974/100/0/threaded - () http://www.securityfocus.com/archive/1/420974/100/0/threaded -
References () http://www.securityfocus.com/bid/16150 - Patch () http://www.securityfocus.com/bid/16150 - Patch
References () http://www.vupen.com/english/advisories/2006/0072 - () http://www.vupen.com/english/advisories/2006/0072 -
Information

Published : 2005-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-3538

Mitre link : CVE-2005-3538

CVE.ORG link : CVE-2005-3538

JSON object : View

Products Affected

ifax_solutions

  • hylafax
CWE
NVD-CWE-Other