Vulnerability Name: | CVE-2001-1034 (CCN-7164) | ||||||||
Assigned: | 2001-09-23 | ||||||||
Published: | 2001-09-23 | ||||||||
Updated: | 2017-12-19 | ||||||||
Summary: | Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Sun Sep 23 2001 - 04:50:45 CDT hylafax Source: CCN Type: BugTraq Mailing List, Mon Sep 24 2001 - 11:54:12 CDT Re: hylafax Source: CCN Type: BugTraq Mailing List, Mon Jul 29 2002 - 12:02:06 CDT HylaFAX - Various Vulnerabilities Fixed Source: CCN Type: HylaFAX Bugzilla Bug 202 faxrm & faxalter format string vulnerabilities Source: MITRE Type: CNA CVE-2001-1034 Source: DEBIAN Type: DSA-148 hylafax -- buffer overflows and format string vulnerabilities Source: CCN Type: HylaFAX Web site HylaFAX Download Page Source: CCN Type: OSVDB ID: 14814 HylaFAX faxrm -h Parameter Local Format String Source: CCN Type: OSVDB ID: 14815 HylaFAX faxalter -h Parameter Local Format String Source: BUGTRAQ Type: UNKNOWN 20010923 hylafax Source: BID Type: Vendor Advisory 3357 Source: CCN Type: BID-3357 Hylafax Hostname Format String Vulnerability Source: XF Type: UNKNOWN hylafax-hostname-format-string(7164) Source: XF Type: UNKNOWN hylafax-hostname-format-string(7164) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |