Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2004-1182
Last Modified: 10 Sep 2008 03:29:27
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-1182

Summary

hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.

Vulnerable Systems

Application

  • Hylafax 4.1 Beta1

  • Hylafax 4.1 Beta2

  • Hylafax 4.1 Beta3

  • Hylafax 4.1.1

  • Hylafax 4.1.2

  • Hylafax 4.1.3

  • Hylafax 4.1.5

  • Hylafax 4.1.6

  • Hylafax 4.1.7

  • Hylafax 4.1.8

  • Hylafax 4.2.0


References

GENTOO - GLSA-200501-21

MLIST - [hylafax-announce] 20050111 **ANOUNCE** hylafax-4.2.1 released

BUGTRAQ - 20050111 HylaFAX hfaxd unauthorized login vulnerability

MANDRAKE - MDKSA-2005:006

SECUNIA - 13812


Last Updated: 27 May 2016 10:38:56