CVE-2020-15397
Published: Jun 30, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| https://sourceforge.net/p/hylafax/HylaFAX+/2534/ | x_refsource_MISC |
| https://bugzilla.suse.com/show_bug.cgi?id=1173519 | x_refsource_MISC |
| GLSA-202007-06 | vendor-advisory, x_refsource_GENTOO |
| FEDORA-2020-8aa8793d25 | vendor-advisory, x_refsource_FEDORA |
| FEDORA-2020-01eb48bcce | vendor-advisory, x_refsource_FEDORA |
| openSUSE-SU-2020:1209 | vendor-advisory, x_refsource_SUSE |
| openSUSE-SU-2020:1210 | vendor-advisory, x_refsource_SUSE |
| openSUSE-SU-2020:1231 | vendor-advisory, x_refsource_SUSE |
| openSUSE-SU-2020:1438 | vendor-advisory, x_refsource_SUSE |