Hylafax+ Project: >> Hylafax+ >> 5.2.0 Security Vulnerabilities
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-06-30
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
CVSS Score
7.8
EPSS Score
0.002
Published
2020-06-30