Bugtraq mailing list archives
Re: Advisory: mgetty local compromise
From: Gert Doering <gert () GREENIE MUC DE>
Date: Sat, 26 Aug 2000 12:09:51 +0200
Hi, sorry to followup on myself, but...: On Sat, Aug 26, 2000 at 11:02:09AM +0200, Gert Doering wrote:
Vendor releases might still be vulnerable (shipping old versions), but as faxrunqd(8) isn't usually run by default, a "standard system" should NOT be vulnerable. *If* you run faxrunqd, though, upgrade to 1.1.22 (but those of you that do, you know who you are...)
... this is crap. faxrunq(8) had the same bug as faxrunqd(8) here (which the original "advisory" didn't mention). It has also been fixed in 1.1.22. So, let me rephrase this: IF you are using the "sendfax" part of mgetty+sendfax AND you have possibly-malicious users on your system, then you should urgently upgrade to 1.1.22 (which should be a matter of "make; make install"). If all your users are trustworthy, you don't have a problem, as this can't be remotely exploited. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany gert () greenie muc de fax: +49-89-35655025 gert.doering () physik tu-muenchen de
Current thread:
- Advisory: mgetty local compromise Stan Bubrouski (Aug 26)
- Re: Advisory: mgetty local compromise Gert Doering (Aug 26)
- Re: Advisory: mgetty local compromise Gert Doering (Aug 26)
- Re: Advisory: mgetty local compromise Stan Bubrouski (Aug 26)
- Re: Advisory: mgetty local compromise Gert Doering (Aug 26)
- Re: Advisory: mgetty local compromise Stan Bubrouski (Aug 29)
- Re: Advisory: mgetty local compromise Mark Stingley (Aug 30)
- Re: Advisory: mgetty local compromise Gert Doering (Aug 26)
- Re: Advisory: mgetty local compromise Cy Schubert - ITSD Open Systems Group (Aug 31)