|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200501-21] HylaFAX: hfaxd unauthorized login vulnerability Vulnerability Assessment Details
|
[GLSA-200501-21] HylaFAX: hfaxd unauthorized login vulnerability |
||
HylaFAX: hfaxd unauthorized login vulnerability Detailed Explanation for this Vulnerability Assessment The remote host is affected by the vulnerability described in GLSA-200501-21 (HylaFAX: hfaxd unauthorized login vulnerability) The code used by hfaxd to match a given username and hostname with an entry in the hosts.hfaxd file is insufficiently protected against malicious entries. Impact If the HylaFAX installation uses a weak hosts.hfaxd file, a remote attacker could authenticate using a malicious username or hostname and bypass the intended access restrictions. Workaround As a workaround, administrators may consider adding passwords to all entries in the hosts.hfaxd file. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1182 http://marc.theaimsgroup.com/?l=hylafax&m=110545119911558&w=2 Solution: All HylaFAX users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/hylafax-4.2.0-r2" Note: Due to heightened security, weak entries in the hosts.hfaxd file may no longer work. Please see the HylaFAX documentation for details of accepted syntax in the hosts.hfaxd file. Network Security Threat Level: Medium Networks Security ID: Vulnerability Assessment Copyright: (C) 2005 Michel Arboi |
||
Cables, Connectors |
Dell PowerEdge R640 Server | 2x Gold 6132 28 Cores | H730p | Choose RAM / DRIVES
$2630.00
### MZ-7KE1T0 Samsung 850 Pro Series 1TB 2.5 inch SATA3 SSD ###
$105.00
M.2 NVME SATA SSD Enclosure USB 3.2 Gen 2 10Gbps for M-Key or M+B Key SSD to 8TB
$19.86
WD 500GB My Passport SSD, Portable External Solid State Drive WDBAGF5000ARD-WESN
$59.99
Patriot P210 128GB 256GB 512GB 1TB 2TB 2.5" SATA 3 6GB/s Internal SSD PC/MAC Lot
$14.99
Micron 5100 MAX 120GB SATA 6Gb/s 2.5" Internal SSD MTFDDAK120TCC Solid State
$9.99
Intel DC S3510 Series 120GB SSD 2.5" 6Gb/s SATA Solid State Drive SSDSC2BB120G6K
$9.99
Western Digital PC SN730 256GB NVMe SDBQNTY-256G M.2 2280 PCIe Solid State (SSD)
$16.00
Netac 1TB 2TB 512GB Internal SSD 2.5'' SATA III 6Gb/s Solid State Drive lot
$109.99
Fanxiang SSD 4TB 2TB 1TB PS5 SSD M.2 NVME SSD 7300MBS PCIe 4.0 Solid State Drive
$249.99
|
||
No Discussions have been posted on this vulnerability. |