CVE-2004-1182 | Vulnerability Database | Aqua Security

hfaxd in HylaFAX before 4.2.1, when installed with a weak hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.

Affected Software

Name	Vendor	Start Version	End Version
Hylafax	Hylafax	4.1.1 (including)	4.1.1 (including)
Hylafax	Hylafax	4.1.2 (including)	4.1.2 (including)
Hylafax	Hylafax	4.1.3 (including)	4.1.3 (including)
Hylafax	Hylafax	4.1.5 (including)	4.1.5 (including)
Hylafax	Hylafax	4.1.6 (including)	4.1.6 (including)
Hylafax	Hylafax	4.1.7 (including)	4.1.7 (including)
Hylafax	Hylafax	4.1.8 (including)	4.1.8 (including)
Hylafax	Hylafax	4.1_beta1 (including)	4.1_beta1 (including)
Hylafax	Hylafax	4.1_beta2 (including)	4.1_beta2 (including)
Hylafax	Hylafax	4.1_beta3 (including)	4.1_beta3 (including)
Hylafax	Hylafax	4.2.0 (including)	4.2.0 (including)
Hylafax	Ubuntu	dapper	*
Hylafax	Ubuntu	devel	*
Hylafax	Ubuntu	edgy	*
Hylafax	Ubuntu	feisty	*

References

http://marc.info/?l=bugtraq\u0026m=110546971307585\u0026w=2
http://marc.info/?l=hylafax\u0026m=110545119911558\u0026w=2
http://secunia.com/advisories/13812
http://security.gentoo.org/glsa/glsa-200501-21.xml
http://www.debian.org/security/2004/dsa-634
http://www.mandriva.com/security/advisories?name=MDKSA-2005:006

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1182
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html