Debian Security Advisory DSA 1329-1 (gfax) Network Vulnerability

Summary

The remote host is missing an update to gfax announced via advisory DSA 1329-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201329-1

Insight

Steve Kemp from the Debian Security Audit project discovered that gfax, a GHOME frontend for fax programs, uses temporary files in an unsafe manner which may be exploited to execute arbitary commands with the privileges of the root user. For the old stable distribution (sarge) this problem has been fixed in version 0.4.2-11sarge1. The stable distribution (etch) is not affected by this problem. The unstable distribution (sid) is not affected by this problem. We recommend that you upgrade your gfax package.

Severity

Classification

CVE CVE-2007-2839
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1008-1 (kdegraphics)
Debian Security Advisory DSA 096-1 (mutt)
Debian Security Advisory DSA 1072-1 (nagios)
Debian Security Advisory DSA 085-1 (nvi, nvi-m17n)
Debian Security Advisory DSA 1031-1 (cacti)

Take action and discover your vulnerabilities