HylaFAX hfaxd with PAM Password Policy Bypass

This script is Copyright (C) 2006-2011 Tenable Network Security, Inc.


Synopsis :

The remote fax server fails to properly validate passwords.

Description :

The remote host is running HylaFAX, a fax / pager server application
for Linux / unix.

The version of HylaFAX installed on the remote host does not check
passwords when authenticating users via hfaxd, its fax server. An
attacker can exploit this issue to bypass authentication using a valid
username and gain access to the system.

See also :

http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=682
http://www.hylafax.org/content/HylaFAX_4.2.4_release

Solution :

Rebuild HylaFAX with PAM support or upgrade to HylaFAX version 4.2.4
or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 20387 (hylafax_auth_bypass.nasl)

Bugtraq ID: 16150

CVE ID: CVE-2005-3538