Hylafax Mailing List Archives
Security fix for /tmp race condition
Hello,
Our security auditing team has found a vulnerability in the HylaFAX
package version 4.0pl2.
Vulnerability:
The scripts recvstats, faxcron, probemodem, faxsetup and
faxaddmodem contain /tmp race conditions, which allow any
local user on the system to overwrite any file the user executing
these scripts is allowed to.
This results in a denial of service attack, or - depending on the
system configuration and data involved - access to the account
executing these scripts.
Fix:
Please consider the following patches and make changes as appropriate.
For any further information, please contact choeger@suse.de
A fixed, precompiled package can be found at
ftp://ftp.suse.de/pub/suse_update/suse53/n1/hylafax.rpm
--
mfG,
Carsten Hoeger
------
Carsten Hoeger - S.u.S.E. GmbH - Gebhardtstr. 2 - 90762 Fuerth - Germany
fax +49-911-3206727 web http://www.suse.de
------
Attachment Converted: "C:\PROGRAM FILES\EUDORA\Attach\hylafax.patch"
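
Added example, not part of the original message and not taken from the HylaFAX scripts or the attached patch: the class of bug the advisory describes, shown as a constructed shell function that writes to a predictable name in a shared directory, beside a hardened version using mktemp -d. The function names, file names and sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed illustration of the bug class; not HylaFAX code.

# Vulnerable pattern: predictable name ($$ is the PID) in a shared
# directory. The shell's ">" follows a symlink already at that path,
# so the write lands wherever the link points.
write_unsafe() {    # $1 = shared dir, $2 = data
    tmp="$1/report.$$"
    printf '%s\n' "$2" > "$tmp"
}

# Hardened pattern: mktemp -d atomically creates a fresh directory with
# an unpredictable name and mode 0700, and fails if the name exists.
# Scratch files then live inside a directory only the caller can enter.
write_safe() {      # $1 = shared dir, $2 = data; prints the file used
    work=$(mktemp -d "$1/report.XXXXXX") || return 1
    printf '%s\n' "$2" > "$work/out"
    printf '%s\n' "$work/out"
}

# Self-check inside a private sandbox directory. The symlink stands in
# for a path that already existed at the predictable name when the
# script started. Prints "<victim after unsafe>|<victim after safe>".
demo() {
    box=$(mktemp -d) || return 1
    mkdir "$box/shared"
    printf 'original\n' > "$box/victim"
    ln -s "$box/victim" "$box/shared/report.$$"

    write_unsafe "$box/shared" "scratch data"
    unsafe_result=$(cat "$box/victim")

    printf 'original\n' > "$box/victim"
    write_safe "$box/shared" "scratch data" > /dev/null
    safe_result=$(cat "$box/victim")

    rm -rf "$box"
    printf '%s|%s\n' "$unsafe_result" "$safe_result"
}

demo
```

The first field shows the protected file replaced by the script's scratch data; the second shows it untouched when the scratch file is created under a mktemp directory.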