Vulnerabilities > CVE-2004-1182 - Unspecified vulnerability in Hylafax

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
hylafax
nessus
NVD
Published: 2004-12-31
Updated: 2016-10-18

Summary

hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.

Vulnerable Configurations

Part Description Count
Application
Hylafax
11

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-634.NASL
    descriptionPatrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system. Some installations of hylafax may actually utilise the weak hostname and username validation for authorized uses. For example, hosts.hfaxd entries that may be common are 192.168.0 username:uid:pass:adminpass user@host After updating, these entries will need to be modified in order to continue to function. Respectively, the correct entries should be 192.168.0.[0-9]+ username@:uid:pass:adminpass user@host Unless such matching of
    last seen2020-06-01
    modified2020-06-02
    plugin id16131
    published2005-01-12
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16131
    titleDebian DSA-634-1 : hylafax - weak hostname and username validation
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200501-21.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200501-21 (HylaFAX: hfaxd unauthorized login vulnerability) The code used by hfaxd to match a given username and hostname with an entry in the hosts.hfaxd file is insufficiently protected against malicious entries. Impact : If the HylaFAX installation uses a weak hosts.hfaxd file, a remote attacker could authenticate using a malicious username or hostname and bypass the intended access restrictions. Workaround : As a workaround, administrators may consider adding passwords to all entries in the hosts.hfaxd file.
    last seen2020-06-01
    modified2020-06-02
    plugin id16412
    published2005-02-14
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16412
    titleGLSA-200501-21 : HylaFAX: hfaxd unauthorized login vulnerability
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8EABAAD9641F11D992A7000A95BC6FAE.NASL
    descriptionA flaw in HylaFAX may allow an attacker to bypass normal authentication by spoofing their DNS PTR records.
    last seen2020-06-01
    modified2020-06-02
    plugin id19027
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19027
    titleFreeBSD : hylafax -- unauthorized login vulnerability (8eabaad9-641f-11d9-92a7-000a95bc6fae)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-006.NASL
    descriptionPatrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system. The updated packages are provided to prevent this issue. Note that the packages included with Corporate Server 2.1 do not require this fix.
    last seen2020-06-01
    modified2020-06-02
    plugin id16157
    published2005-01-13
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16157
    titleMandrake Linux Security Advisory : hylafax (MDKSA-2005:006)
  • NASL familyMisc.
    NASL idHYLAFAX_BYPASS.NASL
    descriptionThe remote host is running HylaFAX, a fax transmission software. It is reported that HylaFAX is prone to an access control bypass vulnerability. An attacker, exploiting this flaw, may be able to gain unauthorized access to the service.
    last seen2020-06-01
    modified2020-06-02
    plugin id16126
    published2005-01-11
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16126
    titleHylaFAX Remote Access Control Bypass

References