 HylaFAX The world's
most advanced open source fax server
|
[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]
Re: [hylafax-users] Ghostscript vulnerability
- To: Lee Howard <faxguy@xxxxxxxxxxxxxxxx>
- Subject: Re: [hylafax-users] Ghostscript vulnerability
- From: Uwe Dippel <udippel@xxxxxxxxx>
- Cc: hylafax-users@xxxxxxxxxxxxxxxxxxxxx, Hylafax-users Mailing List <hylafax-users@xxxxxxxxxxx>
- Date: Sat, 01 Mar 2008 01:31:09 +0800
Lee Howard wrote:
The vulnerability for HylaFAX deployments is mitigated by the amount of trust in the allowed fax senders. If your sender pool is quite restricted and well-trusted then your exposure is quite limited. If your sender pool is quite open and untrusted (i.e. TPC cells) then you may be at greater risk.
Howard, If I am not mistaken, some are completely protected: Receive-Only installs cannot be overrun.
Actually, since it is a buffer overflow in ghostscript for incoming .ps files, *any* install / setup, in which users cannot deliver PostScript files to hylafax are save. (Most can, though, I guess.)
Uwe
____________________ HylaFAX(tm) Users Mailing List _______________________ To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*
- Follow-Ups:
- Re: [hylafax-users] Ghostscript vulnerability
- From: Lee Howard
- Re: [hylafax-users] Ghostscript vulnerability
- References:
- [hylafax-users] Ghostscript vulnerability
- From: Lee Howard
- [hylafax-users] Ghostscript vulnerability
- Prev by Date: [hylafax-users] Ghostscript vulnerability
- Next by Date: Re: [hylafax-users] Ghostscript vulnerability
- Previous by thread: [hylafax-users] Ghostscript vulnerability
- Next by thread: Re: [hylafax-users] Ghostscript vulnerability
- Index(es):
Project hosted by iFAX Solutions