Hylafax Mailing List Archives
|
[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
[hylafax-users] [Fwd: HylaFAX vulnerability]
thought i'd pass this on. it was posted on bugtraq today.
--
___cliff rayman___cliff@genwax.com___http://www.genwax.com/
Marcin Dawcewicz wrote:
> In fact /usr/sbin/hfaxd is SUID to root _not_ uucp as I stated in my
> previous message. Sorry for this mistake.
>
> --
> pozdrawiam,
>
> -= Marcin Dawcewicz =- mailto: miv@gnu.org.pl
> "When freedom is outlawed, only outlaws will be free"
>
> ---------- Forwarded message ----------
> Date: Thu, 12 Apr 2001 03:22:20 +0200 (CEST)
> From: Marcin Dawcewicz <miv@iidea.pl>
> To: bugtraq@securityfocus.com
> Subject: HylaFAX vulnerability
>
> Hi,
>
> I've found classical format bug while I was playing with HylaFAX
> server (v4.1 beta2):
>
> $ [ -u /usr/sbin/hfaxd ] && /usr/sbin/hfaxd -q '%n%n' # SUID uucp
> Segmentation fault
>
> It crashes while calling syslog() with user supplied fmt. Looks nasty.
>
> Sorry, I have no working exploit, I won't have one and I have no idea if
> there are other similar bugs in HylaFAX. I just taught it will be nice to
> bring this case to your attention, guys. Maybe someone, who has more time
> than I have can do a little more research.
>
> --
> greets,
>
> -= Marcin Dawcewicz =- mailto: miv@gnu.org.pl
> "When freedom is outlawed, only outlaws will be free"
____________________ HylaFAX(tm) Users Mailing List _______________________
To unsub: mail -s unsubscribe hylafax-users-request@hylafax.org < /dev/null