HylaFAX The world's most advanced open source fax server


hylafax security hole in faxcron, xferstats and recvstats



Hi,

faxcron, xferstats and recvstats as they are installed with
hylafax-v4.0pl2 can be used to execute arbitrary awk programs
as the invoking user. All three programs are usually run by
cron on behalf of the fax user (aka uucp).

faxcron, xferstats and recvstats, which are all Bourne Shell scripts,
create temporary files in /tmp which are later executed by awk. The
names of these temp files can easily be guessed. Any awk code that is
found in a correct guess (and cannot be overwritten) will be run
verbatim.

There are several other files created in /tmp with such a weak
naming scheme. All these files can be used by an attacker to let
uucp (or any other user running one of those scripts) overwrite
any file he has permission to write to (by creating symlinks).

Disabling those scripts completely should not break hylafax
services. You'll only miss those nice reports.

By the way: at least recvstats and xferstats aren't Y2k compliant yet.

Greetings,
tobias
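The post above describes shell scripts that write an awk program to a predictably named file under /tmp and then run it. The following is an added example, not code from the post or from HylaFAX: it places the weak pattern (a fixed name, shown only as an illustration of the report's description, not the actual script contents) beside a hardened replacement that lets mktemp create the file atomically with an unpredictable name and private permissions, checks the result, and cleans up. The function names, the stats.XXXXXX template and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the original post or of HylaFAX).

# Weak pattern, as described in the post: a fixed, guessable path under /tmp.
# Whoever pre-creates this path (or a symlink at it) decides what awk later
# executes, or where the script's write lands. Shown for contrast only.
weak_tmp_name() {
    echo "/tmp/stats.awk"
}

# Hardened replacement: mktemp creates the file with O_EXCL semantics, an
# unpredictable suffix and mode 0600, so a pre-planted file or symlink makes
# the call fail instead of being silently reused. Fail closed on any error.
make_private_tmp() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/stats.XXXXXX") || return 1
    # Belt and braces: refuse anything that is not a regular file.
    if [ -L "$tmp" ] || [ ! -f "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    echo "$tmp"
}

# Write the awk program into the private file and run it on constructed
# sample input; prints the number of input lines counted by awk.
run_report() {
    prog=$(make_private_tmp) || return 1
    # Remove the program file even if the script is interrupted.
    trap 'rm -f "$prog"' EXIT HUP INT TERM
    cat > "$prog" <<'EOF'
{ n++ }
END { print n }
EOF
    printf 'line one\nline two\nline three\n' | awk -f "$prog"
    rm -f "$prog"
}

# Usage when run directly: prints 3 for the constructed three-line input.
[ "${0##*/}" = "sh" ] || run_report
```

The important difference is not the longer file name but that mktemp creates the file itself with exclusive-create semantics, so the script never opens a path that an attacker chose in advance; the -L/-f check and the trap are defence in depth and cleanup, not the primary control.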
