CVE-2005-3539 (GCVE-0-2005-3539)
Vulnerability from cvelistv5
Published
2006-01-06 11:00
Modified
2024-08-07 23:17
Severity ?
CWE
  • n/a
Summary
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
References
security@debian.org http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719
security@debian.org http://secunia.com/advisories/18314 Patch, Vendor Advisory
security@debian.org http://secunia.com/advisories/18337 Patch, Vendor Advisory
security@debian.org http://secunia.com/advisories/18366
security@debian.org http://secunia.com/advisories/18489
security@debian.org http://www.debian.org/security/2005/dsa-933
security@debian.org http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml Patch, Vendor Advisory
security@debian.org http://www.hylafax.org/content/HylaFAX_4.2.4_release
security@debian.org http://www.mandriva.com/security/advisories?name=MDKSA-2006:015
security@debian.org http://www.securityfocus.com/archive/1/420974/100/0/threaded
security@debian.org http://www.securityfocus.com/bid/16151 Exploit, Patch
security@debian.org http://www.vupen.com/english/advisories/2006/0072
af854a3a-2127-422b-91ae-364da2661108 http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/18314 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/18337 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/18366
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/18489
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-933
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.hylafax.org/content/HylaFAX_4.2.4_release
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2006:015
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/420974/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/16151 Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/0072
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18314"
          },
          {
            "name": "16151",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16151"
          },
          {
            "name": "18366",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18366"
          },
          {
            "name": "18337",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18337"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hylafax.org/content/HylaFAX_4.2.4_release"
          },
          {
            "name": "GLSA-200601-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml"
          },
          {
            "name": "18489",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18489"
          },
          {
            "name": "DSA-933",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-933"
          },
          {
            "name": "20060105 HylaFAX Security advisory - fixed in HylaFAX 4.2.4",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/420974/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719"
          },
          {
            "name": "ADV-2006-0072",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0072"
          },
          {
            "name": "MDKSA-2006:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "18314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18314"
        },
        {
          "name": "16151",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16151"
        },
        {
          "name": "18366",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18366"
        },
        {
          "name": "18337",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18337"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hylafax.org/content/HylaFAX_4.2.4_release"
        },
        {
          "name": "GLSA-200601-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml"
        },
        {
          "name": "18489",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18489"
        },
        {
          "name": "DSA-933",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-933"
        },
        {
          "name": "20060105 HylaFAX Security advisory - fixed in HylaFAX 4.2.4",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/420974/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719"
        },
        {
          "name": "ADV-2006-0072",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0072"
        },
        {
          "name": "MDKSA-2006:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:015"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2005-3539",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18314"
            },
            {
              "name": "16151",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16151"
            },
            {
              "name": "18366",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18366"
            },
            {
              "name": "18337",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18337"
            },
            {
              "name": "http://www.hylafax.org/content/HylaFAX_4.2.4_release",
              "refsource": "CONFIRM",
              "url": "http://www.hylafax.org/content/HylaFAX_4.2.4_release"
            },
            {
              "name": "GLSA-200601-03",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml"
            },
            {
              "name": "18489",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18489"
            },
            {
              "name": "DSA-933",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-933"
            },
            {
              "name": "20060105 HylaFAX Security advisory - fixed in HylaFAX 4.2.4",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/420974/100/0/threaded"
            },
            {
              "name": "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719",
              "refsource": "MISC",
              "url": "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719"
            },
            {
              "name": "ADV-2006-0072",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0072"
            },
            {
              "name": "MDKSA-2006:015",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:015"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2005-3539",
    "datePublished": "2006-01-06T11:00:00",
    "dateReserved": "2005-11-16T00:00:00",
    "dateUpdated": "2024-08-07T23:17:23.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3539\",\"sourceIdentifier\":\"security@debian.org\",\"published\":\"2005-12-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hylafax:hylafax:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1932A13-7BC2-4E15-B1E6-54B62F36B5FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hylafax:hylafax:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1986347-8C08-4F35-BA61-6155DC68263E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hylafax:hylafax:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFCC3306-1850-4CDE-B97C-377CD3FE3D0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hylafax:hylafax:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C0F177-AD00-4D46-B80F-ACE1C5A75595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hylafax:hylafax:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FA4C7C6-EF84-436F-94F8-8600372CBE92\"}]}]}],\"references\":[{\"url\":\"http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/18314\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18337\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18366\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/18489\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.debian.org/security/2005/dsa-933\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.hylafax.org/content/HylaFAX_4.2.4_release\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:015\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/420974/100/0/threaded\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.securityfocus.com/bid/16151\",\"source\":\"security@debian.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0072\",\"source\":\"security@debian.org\"},{\"url\":\"http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18314\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2005/dsa-933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.hylafax.org/content/HylaFAX_4.2.4_release\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:015\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/420974/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/16151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0072\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.