Bugtraq mailing list archives

Re: hylafax

From: Robert van der Meulen <rvdm () cistron nl>
Date: Mon, 24 Sep 2001 18:54:12 +0200

Hi,

Quoting christer.oberg () gmx net (christer.oberg () gmx net):

There are some format strings vulnerbilities in the lastest hylafax package
try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept".
Both faxrm and faxalter are installed setuid uucp on FreeBSD (installed from
port collection). uid uucp is not that exciting but with some luck you'll
find uucp owned binaries running from cron with uid 0.

Just for everyone's I:

This 'works' on Debian stable/unstable, but faxrm/faxalter are non-suid (as
all other hylafax-client binaries).

Greets,
        Robert

-- 
                              Linux Generation
   encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key.
It's hard to believe they put men on the Moon with only 5K of RAM. -- Wired

Current thread:

hylafax christer . oberg (Sep 24)
- Re: hylafax Robert van der Meulen (Sep 24)
- Re: hylafax KF (Sep 24)