7.2
CVSSv2

CVE-2007-2839

Published: 05/07/2007 Updated: 29/07/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.

Vulnerable Product

debian gfax

Vendor Advisories

Debian Bug report logs - #431893: CVE-2007-2839: Trivial local-root attack. Package: gfax; Maintainer for gfax is Debian CLI Applications Team <pkg-cli-apps-team@lists.alioth.debian.org>; Source for gfax is src:gfax. Reported by: Steve Kemp <skx@debian.org>. Date: Thu, 5 Jul 2007 19:49:32 UTC Seve ...
Steve Kemp from the Debian Security Audit project discovered that gfax, a GNOME frontend for fax programs, uses temporary files in an unsafe manner which may be exploited to execute arbitrary commands with the privileges of the root user. For the old stable distribution (sarge) this problem has been fixed in version 0.4.2-11sarge1. The stable distr ...

Exploits

source: www.securityfocus.com/bid/24780/info

GFAX is prone to a vulnerability that lets local attackers execute arbitrary commands with superuser privileges. Successful attacks will result in the complete compromise of affected computers. GFAX 0.7.6 is vulnerable; other versions may also be affected.

while true; do echo "*/1 * * * * root ...