Attachment 27649 Details for Bug 64550

hylafax.patch.box

hylafax.patch.box (text/plain), 1.34 KB, created by Ludwig Nussel on 2005-01-14 22:33:47 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Ludwig Nussel

Created: 2005-01-14 22:33:47 UTC

Size: 1.34 KB

patch

obsolete

>DISTRIBUTION: 8.1-i386,8.2-i386,9.0-i386,9.0-x86_64,9.1-i386,9.1-x86_64,9.2-i386,9.2-x86_64
>PACKAGE: hylafax
>PACKAGER: kkeil@suse.de
>BUGZILLA: 49550
>CATEGORY: security
>DESCRIPTION:
>A bug in the authentication code of hfaxd has been fixed that
>allowed attackers to gain unauthorized access to the fax system by
>guessing the content of the hosts.hfaxd file.
>
>Please note that entries in hosts.hfaxd that are of the form
>
>  192.168.0
>  username:uid:pass:adminpass
>  user@host
>
>will no longer work after this update. Such entries should be
>changed into
>
>  192.168.0.[0-9]+
>  username@:uid:pass:adminpass
>  user@host
>
>If possible delimiters for the regular expressions should be used:
>
>  @192.168.0.[0-9]+$
>  ^username@:uid:pass:adminpass
>  ^user@host$
>
>DESCRIPTION_DE:
>Ein Fehler im Authentifizierungscode von hfaxd wurde behoben, der es Angreifern
>erlaubte, unberechtigten Zugang zum Faxsystem durch Erraten des Inhalts der
>Datei hosts.hfaxd, zu erlangen.
>
>Bitte beachten Sie, daÃ EintrÃ¤ge in hosts.hfaxd in der Form
>
>  192.168.0
>  username:uid:pass:adminpass
>  user@host
>
>nach diesem Update nicht mehr funktionieren. Solche EintrÃ¤ge sollten in
>
>  192.168.0.[0-9]+
>  username@:uid:pass:adminpass
>  user@host
>
>geÃ¤ndert werden. Wenn mÃ¶glich sollten Begrenzer fÃ¼r die regulÃ¤ren AusdrÃ¼cke
>verwendet werden:
>
>  @192.168.0.[0-9]+$
>  ^username@:uid:pass:adminpass
>  ^user@host$
>

Actions: View

Attachments on bug 64550: 27335 | 27454 | 27455 | 27649 | 27650