Hello,

Our security auditing team has found a vulnerability in the HylaFAX package version 4.0pl2.

Vulnerability: The scripts recvstats, faxcron, probemodem, faxsetup and faxaddmodem contain /tmp race conditions, which allow any local user on the system to overwrite any file the user executing these scripts is allowed to. This results in a denial of service attack, or - depending on the system configuration and data involved - access to the account executing these scripts.

Fix: Please consider the following patches and make changes as appropriate. For any further information, please contact choeger@suse.de

A fixed, precompiled package can be found at ftp://ftp.suse.de/pub/suse_update/suse53/n1/hylafax.rpm

--
Best regards,

Carsten Hoeger

------
Carsten Hoeger - S.u.S.E. GmbH - Gebhardtstr. 2 - 90762 Fuerth - Germany
fax +49-911-3206727
web http://www.suse.de
------

Attachment Converted: "C:\PROGRAM FILES\EUDORA\Attach\hylafax.patch"
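
An added illustration of the bug class the advisory names, not code from the HylaFAX scripts or from the SuSE patch: a predictable temporary-file pattern beside a hardened one. All function and file names are hypothetical, and `mktemp` is assumed to be installed.

```shell
#!/bin/sh
# Added illustration; not taken from the HylaFAX scripts. Names are hypothetical.

# Pattern that produces the race: the name is guessable ($$ is the PID) and
# ">" opens whatever already exists at that path, truncating it.
unsafe_write() {            # usage: unsafe_write DIR DATA
    f="$1/report.$$"
    echo "$2" > "$f" && echo "$f"
}

# Private scratch directory: mktemp -d picks an unpredictable name and
# creates the directory atomically with mode 0700, or fails.
safe_tmpdir() {             # usage: safe_tmpdir [BASE]
    base=${1:-${TMPDIR:-/tmp}}
    mktemp -d "$base/report.XXXXXX"
}

# Exclusive create: under noclobber (set -C) the ">" redirection refuses a
# path that already exists, including a link left there by someone else.
safe_write() {              # usage: safe_write PATH DATA
    ( set -C; echo "$2" > "$1" ) 2>/dev/null
}

# Both together: write inside the private directory, clean up on failure.
make_report() {             # usage: make_report DATA [BASE]; prints the path
    d=$(safe_tmpdir "$2") || return 1
    safe_write "$d/report" "$1" || { rm -rf "$d"; return 1; }
    echo "$d/report"
}
```

Scripts that run as a privileged user should also remove the scratch directory on exit, for example with a `trap` on `EXIT`.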