CVE-2004-1182

EPSS 0.55%

hylafax - weak hostname and username validation

發布日:2004/12/31修改日:2026/4/28

也稱為:DSA-634-1DEBIAN-CVE-2004-1182

描述

hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.

受影響套件(2)

Debian/hylafaxfrom 0, < 1:4.2.1-1
Debian/hylafaxfrom 0, < 1:4.1.1-3.1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2004-1182