Re: hylafax-4.0.2 local exploit

[thomas () SUSE DE (Thomas Biege)]

Hi,
I spend alot o' time for security checks on hylafax-v4.0pl2 for SuSE
Linux.
I'll tell you, that there are some more scary holes in it.
After our maintainer of hylafax makes my patch work with the
_new_ version of hylafax and the author of hylafax gets my report + patch
I'll make it public.

BTW, it would be nice, if you'll behave the same way. 1.) notice the
author/vendors and 2.) make it public.

Brock, check out a CGI script called faxsurvey. More then a year ago I
posted a remote cmd. exec. exploit to bugtraq. I think it isn't fixed till
now. The script wouldn't be installed on SuSE Linux.

last notice: faxalter isn't installed SUID on SuSE Linux, and doesn't have
to, because the server has uid uucp and calls faxalter, AFAIR.

Bye,
     Thomas

--
  Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
    E@mail: thomas () suse de      Function: Security Support & Auditing
  "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
   Key fingerprint = 09 48 F2 FD 81 F7 E7 98  6D C7 36 F1 96 6A 12 47