Mandrake Linux Security Advisory : hylafax (MDKSA-2005:006)

High Nessus Plugin ID 16157


The remote Mandrake Linux host is missing one or more security updates.


Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system.

The updated packages are provided to prevent this issue. Note that the packages included with Corporate Server 2.1 do not require this fix.


Update the affected packages.

Plugin Details

Severity: High

ID: 16157

File Name: mandrake_MDKSA-2005-006.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2005/01/13

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:hylafax, p-cpe:/a:mandriva:linux:hylafax-client, p-cpe:/a:mandriva:linux:hylafax-server, p-cpe:/a:mandriva:linux:lib64hylafax4.1.1, p-cpe:/a:mandriva:linux:lib64hylafax4.1.1-devel, p-cpe:/a:mandriva:linux:lib64hylafax4.2.0, p-cpe:/a:mandriva:linux:lib64hylafax4.2.0-devel, p-cpe:/a:mandriva:linux:libhylafax4.1.1, p-cpe:/a:mandriva:linux:libhylafax4.1.1-devel, p-cpe:/a:mandriva:linux:libhylafax4.2.0, p-cpe:/a:mandriva:linux:libhylafax4.2.0-devel, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/01/12

Reference Information

CVE: CVE-2004-1182

MDKSA: 2005:006