Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: January 27th, 2015
Linux Advisory Watch: January 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Mandrake: hylafax vulnerability fix Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
Mandrake Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system.


                 Mandrakelinux Security Update Advisory

 Package name:           hylafax
 Advisory ID:            MDKSA-2005:006
 Date:                   January 12th, 2005

 Affected versions:	 10.0, 10.1

 Problem Description:

 Patrice Fournier discovered a vulnerability in the authorization
 sub-system of hylafax.  A local or remote user guessing the contents
 of the hosts.hfaxd database could gain unauthorized access to the
 fax system.
 The updated packages are provided to prevent this issue.  Note that
 the packages included with Corporate Server 2.1 do not require this


 Updated Packages:
 Mandrakelinux 10.0:
 ee579763c8d03a6700ed952b9ccec832  10.0/RPMS/hylafax-4.1.8-2.1.100mdk.i586.rpm
 342f2d7f890f2b31ef689eb0a308dee4  10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.i586.rpm
 998f0ad4665e364c607fae0d87bf6e63  10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.i586.rpm
 5113375fd58490f64f6b5c0293780a79  10.0/RPMS/libhylafax4.1.1-4.1.8-2.1.100mdk.i586.rpm
 996a95af88ca9ab77371448957b7271f  10.0/RPMS/libhylafax4.1.1-devel-4.1.8-2.1.100mdk.i586.rpm
 3530b9962aa58309aa59c1fd355d23ac  10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 8b37c55f1eaadd9c4a0645c43b4ad25c  amd64/10.0/RPMS/hylafax-4.1.8-2.1.100mdk.amd64.rpm
 cb3290ee2bf666ed51e427e59829459d  amd64/10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.amd64.rpm
 05451b45a4036f314933d15b755ea8d7  amd64/10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.amd64.rpm
 35310391ebce8f0a4085ed6b7d2ccd04  amd64/10.0/RPMS/lib64hylafax4.1.1-4.1.8-2.1.100mdk.amd64.rpm
 d1b71635033b9e72c86057a0f156c544  amd64/10.0/RPMS/lib64hylafax4.1.1-devel-4.1.8-2.1.100mdk.amd64.rpm
 3530b9962aa58309aa59c1fd355d23ac  amd64/10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 2cbc9e6bd58daf7d2d15f6091416ca23  10.1/RPMS/hylafax-4.2.0-1.1.101mdk.i586.rpm
 80cf2d108124ebab09f2d92ffd3e2391  10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.i586.rpm
 b4e98805f61130b91b5cc98ba886af89  10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.i586.rpm
 5afec8caa3b77932c27d032e21a0eeed  10.1/RPMS/libhylafax4.2.0-4.2.0-1.1.101mdk.i586.rpm
 e5aafca41da67cacdef699983d81f3f0  10.1/RPMS/libhylafax4.2.0-devel-4.2.0-1.1.101mdk.i586.rpm
 1fae0a459f3dce423c904ab262921cba  10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 ccfce91efcd9e16651a6bb2995a2cc78  x86_64/10.1/RPMS/hylafax-4.2.0-1.1.101mdk.x86_64.rpm
 6fd803abc59ec7d04f289d3aca50bd25  x86_64/10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.x86_64.rpm
 b7ee9463f3bdf38fa1c1f5271d1d4022  x86_64/10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.x86_64.rpm
 394b51eaef66c424ce9d448dd4ab237e  x86_64/10.1/RPMS/lib64hylafax4.2.0-4.2.0-1.1.101mdk.x86_64.rpm
 75fbf7eb72ba172e204612580e58b2f1  x86_64/10.1/RPMS/lib64hylafax4.2.0-devel-4.2.0-1.1.101mdk.x86_64.rpm
 1fae0a459f3dce423c904ab262921cba  x86_64/10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver 0x22458A98

 You can view other update advisories for Mandrakelinux at:

 If you want to report vulnerabilities, please contact

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
No, Department of Justice, 80 Percent of Tor Traffic Is Not Child Porn
Is your platform secure? Really?
'Mastermind' hacker steals 20 million credentials from dating website
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.