Detections
Analytics
Mandrake Linux Security Advisory : hylafax (MDKSA-2005:006)
high Nessus Plugin ID 16157
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system.The updated packages are provided to prevent this issue. Note that the packages included with Corporate Server 2.1 do not require this fix.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 16157
File Name: mandrake_MDKSA-2005-006.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 1/13/2005
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:hylafax, p-cpe:/a:mandriva:linux:hylafax-client, p-cpe:/a:mandriva:linux:hylafax-server, p-cpe:/a:mandriva:linux:lib64hylafax4.1.1, p-cpe:/a:mandriva:linux:lib64hylafax4.1.1-devel, p-cpe:/a:mandriva:linux:lib64hylafax4.2.0, p-cpe:/a:mandriva:linux:lib64hylafax4.2.0-devel, p-cpe:/a:mandriva:linux:libhylafax4.1.1, p-cpe:/a:mandriva:linux:libhylafax4.1.1-devel, p-cpe:/a:mandriva:linux:libhylafax4.2.0, p-cpe:/a:mandriva:linux:libhylafax4.2.0-devel, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 1/12/2005
Reference Information
CVE: CVE-2004-1182
MDKSA: 2005:006