Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200501-21] HylaFAX: hfaxd unauthorized login vulnerability Vulnerability Scan

Vulnerability Scan Summary
HylaFAX: hfaxd unauthorized login vulnerability

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-21
(HylaFAX: hfaxd unauthorized login vulnerability)

The code used by hfaxd to match a given username and hostname with
an entry in the hosts.hfaxd file is insufficiently protected against
malicious entries.


If the HylaFAX installation uses a weak hosts.hfaxd file, a remote
attacker could authenticate using a malicious username or hostname and
bypass the intended access restrictions.


As a workaround, administrators may consider adding passwords to
all entries in the hosts.hfaxd file.


All HylaFAX users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/hylafax-4.2.0-r2"
Note: Due to heightened security, weak entries in the
hosts.hfaxd file may no longer work. Please see the HylaFAX
documentation for details of accepted syntax in the hosts.hfaxd file.

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.