|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200610-05] CAPI4Hylafax fax receiver: Execution of arbitrary code Vulnerability Assessment Details
|
[GLSA-200610-05] CAPI4Hylafax fax receiver: Execution of arbitrary code |
||
CAPI4Hylafax fax receiver: Execution of arbitrary code Detailed Explanation for this Vulnerability Assessment The remote host is affected by the vulnerability described in GLSA-200610-05 (CAPI4Hylafax fax receiver: Execution of arbitrary code) Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Impact A remote attacker can send null (\0) and shell metacharacters in the TSI string from an anonymous fax number, leading to the execution of arbitrary code with the rights of the user running c2faxrecv. Workaround There is no known workaround at this time. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3126 Solution: All CAPI4Hylafax users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/capi4hylafax-01.03.00.99.300.3-r1" Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: (C) 2006 Michel Arboi |
||
Cables, Connectors |
Grandstream GS-HT802 2 Port Analog Telephone Adapter VoIP Phone & Device, Black
$32.00
Yealink T54W IP Phone, 16 VoIP Accounts. 4.3-Inch Color Display - Black
$99.99
LOT OF 10 Cisco CP-7841-K9 VoIP 4-Line Business Phone w/ Stand Handset Cord
$69.99
Yealink SIP-T41P PoE Ultra Elegant VoIP Phone
$29.95
Yealink W73H IP DECT VOIP Phone
$10.00
Polycom VVX 411 Business IP Phone 12-Line Gigabit PoE VOIP 2200-48450-001 NEW
$42.00
New Cisco 7945G IP VoIP Gigabit GIGE Telephone Phone CP-7945G -
$24.95
Cisco CP-7945G VOIP Phone With Stand & Handset Business IP Phone 7945
$3.00
Cisco CP-8821-K9 Wireless IP VoIP Phone WITH BATTERY
$199.99
NEW Open Box Polycom CCX 400 VoIP Desk Phone PoE 2200-49700-001 (BR)
$107.96
|
||
No Discussions have been posted on this vulnerability. |