Hylafax Mailing List Archives


[hylafax-users] [Fwd: HylaFAX vulnerability]



Thought I'd pass this on. It was posted on Bugtraq today.

--
___cliff rayman___cliff@genwax.com___http://www.genwax.com/

Marcin Dawcewicz wrote:

> In fact /usr/sbin/hfaxd is SUID to root _not_ uucp as I stated in my
> previous message. Sorry for this mistake.
>
> --
> pozdrawiam,
>
> -= Marcin Dawcewicz =-         mailto: miv@gnu.org.pl
> "When freedom is outlawed, only outlaws will be free"
>
> ---------- Forwarded message ----------
> Date: Thu, 12 Apr 2001 03:22:20 +0200 (CEST)
> From: Marcin Dawcewicz <miv@iidea.pl>
> To: bugtraq@securityfocus.com
> Subject: HylaFAX vulnerability
>
> Hi,
>
> I've found a classical format bug while I was playing with HylaFAX
> server (v4.1 beta2):
>
> $ [ -u /usr/sbin/hfaxd ] && /usr/sbin/hfaxd -q '%n%n'    # SUID uucp
> Segmentation fault
>
> It crashes while calling syslog() with user supplied fmt. Looks nasty.
>
> Sorry, I have no working exploit, I won't have one and I have no idea if
> there are other similar bugs in HylaFAX. I just thought it would be nice to
> bring this case to your attention, guys. Maybe someone who has more time
> than I have can do a little more research.
>
> --
> greets,
>
> -= Marcin Dawcewicz =-         mailto: miv@gnu.org.pl
> "When freedom is outlawed, only outlaws will be free"
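Editor's note, as an added illustration and not code from HylaFAX or from the
report above: the crash Marcin describes is the classic "user text used as the
format argument" pattern, i.e. something of the shape syslog(LOG_ERR, user_text)
instead of syslog(LOG_ERR, "%s", user_text). The example below models the same
mistake with vsnprintf() so it can run offline: the unsafe wrapper interprets
whatever the caller typed, the fixed wrapper passes it through "%s", and a
small scanner counts conversion specifiers so a daemon can reject them before
they reach any printf-family function. Function names and the sample inputs
are assumptions made for this example; the "%%" input is used on the unsafe
path because, unlike "%n", it demonstrates interpretation without undefined
behaviour.

```c
/*
 * Added example, not HylaFAX code. Models the format-string bug reported
 * for hfaxd (user text used as the syslog() format) and the usual fix.
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* VULNERABLE: the caller's text IS the format string. This is the shape of
 * the buggy call the report describes (syslog(LOG_ERR, user_text)). With
 * "%n" the conversion writes an int through a pointer pulled from the
 * (absent) argument list, which is why hfaxd -q '%n%n' segfaults. */
static int log_unsafe(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);   /* fmt came straight from the user */
    va_end(ap);
    return r;
}

/* FIX: user data is never the format; it is an argument to a literal "%s".
 * This is the shape of the corrected call, syslog(LOG_ERR, "%s", user_text). */
static int log_safe(char *out, size_t n, const char *user_text)
{
    return snprintf(out, n, "%s", user_text);
}

/* Defence in depth: count conversion specifiers in untrusted text so it can
 * be rejected or logged as an attack attempt before any format function
 * sees it. "%%" is the literal percent escape and is not counted. */
static int count_format_directives(const char *s)
{
    int count = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* "%%" renders as a single '%' */
            p++;
            continue;
        }
        count++;
    }
    return count;
}

/* Render `in` through the unsafe (safe == 0) or safe (safe != 0) path and
 * report whether the result equals `expected`. Only call the unsafe path
 * with inputs that need no arguments, e.g. "%%"; "%n" is undefined here. */
static int render_matches(int safe, const char *in, const char *expected)
{
    char buf[128];
    if (safe)
        log_safe(buf, sizeof buf, in);
    else
        log_unsafe(buf, sizeof buf, in);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    const char *attack = "%n%n";   /* constructed sample, the report's input */
    const char *escape = "%%";     /* constructed sample, harmless directive */

    printf("directives in \"%s\": %d\n", attack, count_format_directives(attack));
    printf("unsafe path renders \"%s\" as \"%s\"\n", escape,
           render_matches(0, escape, "%") ? "%" : "?");
    printf("safe path renders \"%s\" as \"%s\"\n", escape,
           render_matches(1, escape, "%%") ? "%%" : "?");

    if (count_format_directives(attack) > 0)
        printf("rejected before any format function: %s\n", attack);
    return 0;
}
```

The point of the two wrappers is that the fix is a one-token change at the
call site, whereas the scanner is only a backstop: an audit of every
syslog()/printf()-family call with a non-literal format (compilers flag these
with -Wformat-security) is what actually closes the hole.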





____________________ HylaFAX(tm) Users Mailing List _______________________
 To unsub: mail -s unsubscribe hylafax-users-request@hylafax.org < /dev/null