VID |
16120 |
Severity |
40 |
Port |
4559 |
Protocol |
TCP |
Class |
FTP |
Detailed Description |
According to its banner, the HylaFAX hfaxd server has an access control bypass vulnerability. HylaFAX is an open-source fax and paging system for Unix-based operating systems. hfaxd in HylaFAX versions prior to 4.2.1, when installed with a "weak" hosts.hfaxd file, could allow a remote attacker to bypass intended access restrictions via a specially crafted username or hostname. A remote attacker could exploit this vulnerability to gain unauthorized access to the affected service.
* Note: This check relies solely on the banner of the remote FTP server to assess this vulnerability, so the result might be a false positive.
* References:
  http://archives.neohapsis.com/archives/bugtraq/2005-01/0085.html
  http://secunia.com/advisories/13812
  http://security.gentoo.org/glsa/glsa-200501-21.xml
  http://www.debian.org/security/2004/dsa-634
  http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:006
* Platforms Affected: Silicon Graphics Corporation, HylaFAX versions prior to 4.2.1; Linux, any version; Unix, any version |
Recommendation |
Upgrade to the latest version of HylaFAX (4.2.1 or later), available from the HylaFAX Download Web page at http://www.hylafax.org/content/Download |
Related URL |
CVE-2004-1182 (CVE) |
Related URL |
12227 (SecurityFocus) |
Related URL |
18835 (ISS) |
|