[hylafax-devel] Broken access control?

To: <hylafax-devel@hylafax.org>
Subject: [hylafax-devel] Broken access control?
From: Darren Nickerson <darren@dazza.org>
Cc: Sam Leffler <sam@errno.com>; John Conover <john@johncon.com>
Date: 10 Aug 2000 07:41


Folks,

Is current HylaFAX really this broken?? Has it always been?

[darren@hewes darren]$ faxstat -v -s -h roam.dazza.org 
Trying roam.dazza.org (209.166.32.51) at port 4559...
Connected to roam.dazza.org.
220 roam.dazza.org server (HylaFAX (tm) Version 4.1beta2) ready.
-> USER darren
331 Password required for darren.
Password:
-> PASS XXXX
530 Login incorrect.
Login failed: 530 Login incorrect.

normal.

[darren@hewes darren]$ telnet roam.dazza.org 4559
Trying 209.166.32.51...
Connected to roam.dazza.org (209.166.32.51).
Escape character is '^]'.
220 roam.dazza.org server (HylaFAX (tm) Version 4.1beta2) ready.
hello stuff
500 HELLO: Command not recognized.
quit
221 Goodbye.
Connection closed by foreign host.

Um, a little more permissive than I had hoped for. Arguably every connection 
to this port should be mediated via hosts.hfaxd, no?

Looks like a security issue to address with some urgency to me.

-Darren



____________________ HylaFAX(tm) Developers Mailing List ____________________
 To unsub: mail -s unsubscribe hylafax-devel-request@hylafax.org < /dev/null

Prev by Date: [hylafax-devel] Re: Pep talk
Next by Date: [hylafax-devel] [hylafax-users] cvs-20000604 -> g++ internal compiler error
Prev by thread: [hylafax-devel] Re: Race condition
Next by thread: [hylafax-devel] [hylafax-users] cvs-20000604 -> g++ internal compiler error
Index(es):
- Main
- Thread

Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services