Bugtraq mailing list archives
Re: hylafax
From: Lee Howard <faxguy () deanox com>
Date: Sun, 14 Oct 2001 21:52:33 -0600
At 09:31 PM 10/13/01 +0200, Przemyslaw Frasunek wrote:
> There are some format string vulnerabilities in the latest hylafax package
> try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept".
>
> an exploit for this one: http://www.frasunek.com/sources/security/security/hylafax.pl

As has been pointed out on the hylafax-devel () hylafax org mailing list, this exploit is only useful for those installations which have set hfaxd to suid root. The standard HylaFAX installation does not do this.

[user@hylafaxserver user]$ faxstat -i
HylaFAX version 4.1rc1 built Sat Jun 2 16:55:31 MDT 2001 for i686-pc-linux
HylaFAX scheduler on hylafaxserver.mydomain.com: Running
Modem ttyS1 (+1.435.755.0959): Running and idle
[user@hylafaxserver lee]$ ./hylafax.pl
Not vulnerable
[user@hylafaxserver lee]$

Lee.