CVE-2005-3539
hylafax - arbitrary command execution
EPSS 31.0%
Description
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
How to fix CVE-2005-3539
To remediate CVE-2005-3539, upgrade the affected package to one of the fixed versions listed below.
- Debian/hylafax: upgrade to 2:4.2.4-2 or later
- Debian/hylafax: upgrade to 4.1.1-4woody1 or later
Is CVE-2005-3539 being exploited?
Moderate: EPSS is 31.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2:4.2.4-2
- from 0, < 4.1.1-4woody1