Rapid7 Vulnerability & Exploit Database

SuSE: hylafax 4.1.7-160

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SuSE: hylafax 4.1.7-160

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

01/28/2005

Created

07/25/2018

Added

11/08/2005

Modified

11/18/2015

Description

A bug in the authentication code of hfaxd has been fixed that allowed attackers to gain unauthorized access to the fax system by guessing the content of the hosts.hfaxd file.

Please note that entries in hosts.hfaxd that are of the form

192.168.0 username:uid:pass:adminpass user@host

will no longer work after this update. Such entries should be changed into

192.168.0.[0-9]+ username@:uid:pass:adminpass user@host

If possible delimiters for the regular expressions should be used:

@192.168.0.[0-9]+$ ^username@:uid:pass:adminpass ^user@host$

Solution(s)

References

SUSE-hylafax-4.1.7-160-90_x86_64
http://www.novell.com/linux/download/updates/90_x86_64.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;