VID |
16118 |
Severity |
40 |
Port |
4559 |
Protocol |
TCP |
Class |
FTP |
Detailed Description |
The HylaFAX hfaxd server is affected by a password-checking vulnerability. HylaFAX is an open-source fax and paging system for Unix-based operating systems. HylaFAX versions 4.2.0 through 4.2.3 could allow a remote attacker to gain access using an arbitrary password, caused by improper password checking when authenticating users via hfaxd, its fax server. A remote attacker could gain unauthorized access to the affected server using a valid username.
* References:
  http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=682
  http://www.hylafax.org/content/HylaFAX_4.2.4_release
  http://www.frsirt.com/english/advisories/2006/0072
* Platforms Affected: Silicon Graphics Corporation, HylaFAX versions 4.2.0 through 4.2.3; Linux, any version; Unix, any version |
Recommendation |
Upgrade to the latest version of HylaFAX (4.2.4 or later), available from the HylaFAX Web page at http://freshmeat.net/projects/hylafax/?topic_id=36 |
Related URL |
CVE-2005-3538 (CVE) |
Related URL |
16150 (SecurityFocus) |
Related URL |
24004 (ISS) |
|