Bugtraq mailing list archives

Re: hylafax

From: Lee Howard <faxguy () deanox com>
Date: Sun, 14 Oct 2001 21:52:33 -0600

At 09:31 PM 10/13/01 +0200, Przemyslaw Frasunek wrote:

There are some format strings vulnerbilities in the lastest hylafax

package

try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept".


an exploit for this one:
http://www.frasunek.com/sources/security/security/hylafax.pl



As has been pointed out on the hylafax-devel () hylafax org mailing list, this
exploit is only useful for those installations which have set hfaxd to suid
root.  The standard HylaFAX installation does not do this.

[user@hylafaxserver user]$ faxstat -i
HylaFAX version 4.1rc1 built Sat Jun  2 16:55:31 MDT 2001 for i686-pc-linux
HylaFAX scheduler on hylafaxserver.mydomain.com: Running
Modem ttyS1 (+1.435.755.0959): Running and idle
[user@hylafaxserver lee]$ ./hylafax.pl
Not vulnerable
[user@hylafaxserver lee]$

Lee.

Current thread:

Re: hylafax Przemyslaw Frasunek (Oct 14)
- Re: hylafax Lee Howard (Oct 15)
  - Re: hylafax Przemyslaw Frasunek (Oct 15)