Vulnerability Name:

CVE-2001-1034 (CCN-7164)

Assigned:2001-09-23
Published:2001-09-23
Updated:2017-12-19
Summary:Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Sun Sep 23 2001 - 04:50:45 CDT
hylafax

Source: CCN
Type: BugTraq Mailing List, Mon Sep 24 2001 - 11:54:12 CDT
Re: hylafax

Source: CCN
Type: BugTraq Mailing List, Mon Jul 29 2002 - 12:02:06 CDT
HylaFAX - Various Vulnerabilities Fixed

Source: CCN
Type: HylaFAX Bugzilla Bug 202
faxrm & faxalter format string vulnerabilities

Source: MITRE
Type: CNA
CVE-2001-1034

Source: DEBIAN
Type: DSA-148
hylafax -- buffer overflows and format string vulnerabilities

Source: CCN
Type: HylaFAX Web site
HylaFAX Download Page

Source: CCN
Type: OSVDB ID: 14814
HylaFAX faxrm -h Parameter Local Format String

Source: CCN
Type: OSVDB ID: 14815
HylaFAX faxalter -h Parameter Local Format String

Source: BUGTRAQ
Type: UNKNOWN
20010923 hylafax

Source: BID
Type: Vendor Advisory
3357

Source: CCN
Type: BID-3357
Hylafax Hostname Format String Vulnerability

Source: XF
Type: UNKNOWN
hylafax-hostname-format-string(7164)

Source: XF
Type: UNKNOWN
hylafax-hostname-format-string(7164)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:freebsd:freebsd:4.4:-:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:hylafax:hylafax:4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:148
    V
    buffer overflows and format string vulnerabilities
    2002-08-12
    BACK
    freebsd freebsd 4.4
    hylafax hylafax 4.1
    debian debian linux 2.2
    mandrakesoft mandrake linux 7.1
    mandrakesoft mandrake linux 7.2
    mandrakesoft mandrake linux corporate server 1.0.1
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2
    debian debian linux 3.0
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2