Patrice Fournier

**Name of the Vulnerable Software and Affected Versions** HylaFAX version 4.2.3 **Description** The issue allows remote attackers to gain privileges by accepting arbitrary passwords when PAM support is disabled in hfaxd. **Recommendations** For HylaFAX version 4.2.3, consider enabling PAM support to prevent the acceptance of arbitrary passwords. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HylaFAX versions 4.2.3 and earlier **Description** The issue concerns multiple eval injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary commands. This can be achieved via the notify script or by using crafted `CallID` parameters to the faxrcvd script. **Recommendations** For HylaFAX versions 4.2.3 and earlier, update to a version later than 4.2.3 to resolve the issue. As a temporary workaround, consider restricting access to the notify script and the faxrcvd script until a patch is available. Avoid using crafted `CallID` parameters in the faxrcvd script until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: HylaFAX versions prior to 4.2.1 Description: The issue allows remote attackers to authenticate and bypass intended access restrictions. This can be achieved by crafting a specific `username` or `hostname` that satisfies a regular expression matched against a hosts.hfaxd entry without a password. Recommendations: For versions prior to 4.2.1, update to version 4.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the hfaxd service or modifying the hosts.hfaxd file to include stronger access controls.