HylaFAX Remote Access Control Bypass

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by an access
control bypass vulnerability.

Description :

The remote host is running HylaFAX, a fax transmission software.

It is reported that HylaFAX is prone to an access control bypass
vulnerability. An attacker, exploiting this flaw, may be able to gain
unauthorized access to the service.

See also :

http://bugs.hylafax.org//show_bug.cgi?id=610

Solution :

Upgrade to version 4.2.1 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 16126 (hylafax_bypass.nasl)

Bugtraq ID: 12227

CVE ID: CVE-2004-1182