A bug in the authentication code of hfaxd has been fixed that allowed attackers to gain unauthorized access to the fax system by guessing the content of the hosts.hfaxd file.
Please note that entries in hosts.hfaxd that are of the form
192.168.0 username:uid:pass:adminpass user@host
will no longer work after this update. Such entries should be changed into
192.168.0.[0-9]+ username@:uid:pass:adminpass user@host
If possible delimiters for the regular expressions should be used:
@192.168.0.[0-9]+$ ^username@:uid:pass:adminpass ^user@host$
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center