Thought I'd pass this on. It was posted on Bugtraq today.

--
___cliff rayman___cliff@genwax.com___http://www.genwax.com/

Marcin Dawcewicz wrote:

> In fact /usr/sbin/hfaxd is SUID to root _not_ uucp as I stated in my
> previous message. Sorry for this mistake.
>
> --
> regards,
>
> -= Marcin Dawcewicz =- mailto: miv@gnu.org.pl
> "When freedom is outlawed, only outlaws will be free"
>
> ---------- Forwarded message ----------
> Date: Thu, 12 Apr 2001 03:22:20 +0200 (CEST)
> From: Marcin Dawcewicz <miv@iidea.pl>
> To: bugtraq@securityfocus.com
> Subject: HylaFAX vulnerability
>
> Hi,
>
> I've found a classical format bug while I was playing with HylaFAX
> server (v4.1 beta2):
>
> $ [ -u /usr/sbin/hfaxd ] && /usr/sbin/hfaxd -q '%n%n' # SUID uucp
> Segmentation fault
>
> It crashes while calling syslog() with user supplied fmt. Looks nasty.
>
> Sorry, I have no working exploit, I won't have one and I have no idea if
> there are other similar bugs in HylaFAX. I just thought it will be nice to
> bring this case to your attention, guys. Maybe someone, who has more time
> than I have can do a little more research.
>
> --
> greets,
>
> -= Marcin Dawcewicz =- mailto: miv@gnu.org.pl
> "When freedom is outlawed, only outlaws will be free"

____________________ HylaFAX(tm) Users Mailing List _______________________
To unsub: mail -s unsubscribe hylafax-users-request@hylafax.org < /dev/null
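The report above describes syslog() being called with a user-supplied format string. The following is an added example, not part of the original message and not HylaFAX code: it shows the constant-format fix for that class of bug, with hypothetical helper names (`count_directives`, `log_untrusted`, `render_untrusted`) and a constructed sample argument.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Unsafe pattern from the report, shown for comparison and never compiled in:
 *     syslog(LOG_ERR, user_arg);      // user_arg becomes the format string
 * With user_arg = "%n%n", syslog() consumes arguments that were never passed. */

/* Hypothetical audit helper: count printf-style conversion directives in s.
 * "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }  /* escaped percent, skip both */
        n++;                                  /* any other '%' starts a directive */
    }
    return n;
}

/* Hardened form: the format is a constant, untrusted text is a %s argument. */
void log_untrusted(const char *what, const char *untrusted)
{
    syslog(LOG_ERR, "%s: %s", what, untrusted);
}

/* Same constant-format rule, rendered into a buffer so the result can be
 * inspected; returns the length snprintf() reports. */
int render_untrusted(char *out, size_t outlen, const char *what,
                     const char *untrusted)
{
    return snprintf(out, outlen, "%s: %s", what, untrusted);
}

int main(void)
{
    const char *arg = "%n%n";  /* constructed sample: the argument in the report */
    char line[128];

    render_untrusted(line, sizeof line, "invalid option value", arg);
    printf("%s (directives in input: %d)\n", line, count_directives(arg));

    openlog("fmtdemo", LOG_PID, LOG_DAEMON);  /* "fmtdemo" is a made-up ident */
    log_untrusted("invalid option value", arg);
    closelog();
    return 0;
}
```

Building with GCC or Clang and `-Wformat -Wformat-security` flags the unsafe call form (a non-literal format with no arguments) at compile time.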