Rapid7 Vulnerability & Exploit Database

SuSE: hylafax 4.2.0-5.2

Back to Search

SuSE: hylafax 4.2.0-5.2

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
01/28/2005
Created
07/25/2018
Added
11/08/2005
Modified
11/18/2015

Description

A bug in the authentication code of hfaxd has been fixed that allowed attackers to gain unauthorized access to the fax system by guessing the content of the hosts.hfaxd file.

Please note that entries in hosts.hfaxd that are of the form

192.168.0 username:uid:pass:adminpass user@host

will no longer work after this update. Such entries should be changed into

192.168.0.[0-9]+ username@:uid:pass:adminpass user@host

If possible delimiters for the regular expressions should be used:

@192.168.0.[0-9]+$ ^username@:uid:pass:adminpass ^user@host$

Solution(s)

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;