ID CVE-2004-1182
Summary hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.
References
Vulnerable Configurations
  • cpe:2.3:a:hylafax:hylafax:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hylafax:hylafax:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:hylafax:hylafax:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:hylafax:hylafax:4.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:hylafax:hylafax:4.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:hylafax:hylafax:4.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:hylafax:hylafax:4.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:hylafax:hylafax:4.1_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:hylafax:hylafax:4.1_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:hylafax:hylafax:4.1_beta3:*:*:*:*:*:*:*
  • cpe:2.3:a:hylafax:hylafax:4.2.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2016 - 02:52)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20050111 HylaFAX hfaxd unauthorized login vulnerability
debian DSA-634
gentoo GLSA-200501-21
mandrake MDKSA-2005:006
mlist [hylafax-announce] 20050111 **ANOUNCE** hylafax-4.2.1 released
secunia 13812
Last major update 18-10-2016 - 02:52
Published 31-12-2004 - 05:00
Last modified 18-10-2016 - 02:52