Secunia Security Advisory - Some vulnerabilities have been reported HylaFAX, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise a vulnerable system.
00e58cc43086c911c233c445e44f5e91260f5cd013aeb241ecefe432f654e045
TITLE:
HylaFAX Authentication Bypass and Command Insertion Vulnerabilities
SECUNIA ADVISORY ID:
SA18314
VERIFY ADVISORY:
http://secunia.com/advisories/18314/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, System access
WHERE:
>From remote
SOFTWARE:
HylaFAX 4.x
http://secunia.com/product/2528/
DESCRIPTION:
Some vulnerabilities have been reported HylaFAX, which can be
exploited by malicious people to bypass certain security restrictions
and by malicious users to compromise a vulnerable system.
1) An unspecified error exists in "hfaxd" when compiled with PAM
support disabled. This may be exploited to login using any password.
The vulnerability has been reported in version 4.2.3.
2) The "notify" script does not properly sanitise user's input before
using it. This can be exploited by malicious users to execute
arbitrary commands on a vulnerable system.
Successful exploitation requires that the malicious user is able to
submit faxes to the server.
The vulnerability has been reported in versions 4.2.0 through 4.2.3.
3) The "faxrcvd" script does not properly sanitise user's input
before using it. This can be exploited by malicious users to execute
arbitrary commands on a vulnerable system.
Successful exploitation requires that CallID (CIDName/CIDNumber) is
configured on the server and the attacker is able to submit non
alphanumeric characters as CallID data to the server.
The vulnerability has been reported in version 4.2.2 and 4.2.3.
SOLUTION:
Update to version 4.2.4.
ftp://ftp.hylafax.org/source/hylafax-4.2.4.tar.gz
PROVIDED AND/OR DISCOVERED BY:
1) Dileep
2-3) Patrice Fournier, iFAX Solutions, Inc.
ORIGINAL ADVISORY:
http://www.hylafax.org/content/HylaFAX_4.2.4_release
http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=682
http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------