CVE-2020-15396 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Privilege escalation |
| Description | In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1447 | hylafax | 6.0.7-4 | Medium | Unknown | FS#69314 |
| References |
|---|
https://sourceforge.net/p/hylafax/HylaFAX+/2534/ |