CVE-2004-1182

2005-01-1905:00:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

76.4%

JSON

hfaxd in HylaFAX before 4.2.1, when installed with a “weak” hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.

OSVersionArchitecturePackageVersionFilename
Debian12allhylafax< 1:4.2.1-1hylafax_1:4.2.1-1_all.deb
Debian11allhylafax< 1:4.2.1-1hylafax_1:4.2.1-1_all.deb
Debian999allhylafax< 1:4.2.1-1hylafax_1:4.2.1-1_all.deb
Debian13allhylafax< 1:4.2.1-1hylafax_1:4.2.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	hylafax	< 1:4.2.1-1	hylafax_1:4.2.1-1_all.deb
Debian	11	all	hylafax	< 1:4.2.1-1	hylafax_1:4.2.1-1_all.deb
Debian	999	all	hylafax	< 1:4.2.1-1	hylafax_1:4.2.1-1_all.deb
Debian	13	all	hylafax	< 1:4.2.1-1	hylafax_1:4.2.1-1_all.deb