
CVE-2004-1182

Published: 31/12/2004 Updated: 18/10/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

hfaxd in HylaFAX prior to 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote malicious users to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.

Vulnerable Product

hylafax hylafax 4.1.2

hylafax hylafax 4.1.3

hylafax hylafax 4.1_beta3

hylafax hylafax 4.2.0

hylafax hylafax 4.1.7

hylafax hylafax 4.1.8

hylafax hylafax 4.1.5

hylafax hylafax 4.1.6

hylafax hylafax 4.1.1

hylafax hylafax 4.1_beta1

hylafax hylafax 4.1_beta2

Vendor Advisories

Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system. Some installations of hylafax may actually utilise the weak hostname and username validation for author ...