Debian DSA-634-1 : hylafax - weak hostname and username validation

high Nessus Plugin ID 16131

Synopsis

The remote Debian host is missing a security-related update.

Description

Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system.

Some installations of hylafax may actually utilise the weak hostname and username validation for authorized uses. For example, hosts.hfaxd entries that may be common are

192.168.0 username:uid:pass:adminpass user@host

After updating, these entries will need to be modified in order to continue to function. Respectively, the correct entries should be

192.168.0.[0-9]+ username@:uid:pass:adminpass user@host

Unless such matching of 'username' with 'otherusername' and 'host' with 'hostname' is desired, the proper form of these entries should include the delimiter and markers like this

@192.168.0.[0-9]+$ ^username@:uid:pass:adminpass ^user@host$

Solution

Upgrade the hylafax packages.

For the stable distribution (woody) this problem has been fixed in version 4.1.1-3.1.

See Also

http://www.debian.org/security/2005/dsa-634

Plugin Details

Severity: High

ID: 16131

File Name: debian_DSA-634.nasl

Version: 1.19

Type: local

Agent: unix

Published: 1/12/2005

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:3.0, p-cpe:/a:debian:debian_linux:hylafax

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 1/11/2005

Vulnerability Publication Date: 1/11/2005

Reference Information

CVE: CVE-2004-1182

DSA: 634