HylaFAX Remote Access Control Bypass Vulnerability

BID:12227

Info

Bugtraq ID: 12227
Class: Design Error
CVE: CVE-2004-1182
Remote: Yes
Local: No
Published: Jan 11 2005 12:00AM
Updated: Jul 12 2009 09:27AM
Credit: Discovery of this vulnerability is credited to Lee Howard <[email protected]>.
Vulnerable: SuSE Linux 8.1
SuSE Linux 8.0 i386
SuSE Linux 8.0
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Hylafax Hylafax 4.2
Hylafax Hylafax 4.1.8
Hylafax Hylafax 4.1.7
+ S.u.S.E. Linux Personal 9.0
Hylafax Hylafax 4.1.6
Hylafax Hylafax 4.1.5
+ S.u.S.E. Linux Personal 8.2
Hylafax Hylafax 4.1.3
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ SuSE Linux 8.1
Hylafax Hylafax 4.1.2
Hylafax Hylafax 4.1.1
+ Debian Linux 3.0
Hylafax Hylafax 4.1 -beta3
Hylafax Hylafax 4.1 -beta2
+ SuSE Linux 7.2 i386
+ SuSE Linux 7.2
+ SuSE Linux 7.1 x86
+ SuSE Linux 7.1 sparc
+ SuSE Linux 7.1 ppc
+ SuSE Linux 7.1 alpha
+ SuSE Linux 7.1
+ SuSE Linux 7.0 sparc
+ SuSE Linux 7.0 ppc
+ SuSE Linux 7.0 i386
+ SuSE Linux 7.0 alpha
+ SuSE Linux 7.0
Hylafax Hylafax 4.1 -beta1
Hylafax Hylafax 4.1
- FreeBSD FreeBSD 4.4
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ SuSE Linux 8.0 i386
+ SuSE Linux 8.0
+ SuSE Linux 7.3 sparc
+ SuSE Linux 7.3 ppc
+ SuSE Linux 7.3 i386
+ SuSE Linux 7.3
Hylafax Hylafax 4.0.2
+ Debian Linux 2.3 sparc
+ Debian Linux 2.3 powerpc
+ Debian Linux 2.3 arm
+ Debian Linux 2.3 alpha
+ Debian Linux 2.3 68k
+ Debian Linux 2.3
- FreeBSD FreeBSD 3.3
- FreeBSD FreeBSD 3.2
- FreeBSD FreeBSD 3.1
- FreeBSD FreeBSD 3.0
Hylafax Hylafax 4.0 pl2
Hylafax Hylafax 4.0 pl1
Hylafax Hylafax 4.0 pl0
Not Vulnerable: Hylafax Hylafax 4.2.1
- Gentoo Linux

Discussion

The HylaFAX daemon (hfaxd) is reported to be prone to an access control bypass vulnerability that could allow unauthorized access to the HylaFAX service. The issue is reported to stem from the method hfaxd uses to match a connecting client's username and hostname against entries in the 'hosts.hfaxd' configuration file.

A remote attacker may exploit this vulnerability to gain unauthorized access to the affected service.

Exploit / POC

No exploit is required.

Solution / Fix

Solution:
The vendor has released an update to address this issue.

A patch to fix HylaFAX hfaxd is also available at:
http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=610

Mandrake has released an advisory (MDKSA-2005:006) and updates to address this vulnerability. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

Gentoo has released an advisory (GLSA 200501-21) and an updated eBuild to address this vulnerability. Gentoo users may update their computers by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-misc/hylafax-4.2.0-r2"

Debian has released an advisory (DSA 634-1) and updates to address this vulnerability. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

© CVE.report 2026