2006-09-06 00:00:00
debian
PUBLISHED
c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.