[12450] in bugtraq
Re: hylafax-4.0.2 local exploit
daemon@ATHENA.MIT.EDU (Thomas Biege)
Fri Nov 5 13:23:08 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.05.9911050816100.23966-100000@Galois.suse.de>
Date: Fri, 5 Nov 1999 08:36:22 +0100
Reply-To: Thomas Biege <thomas@SUSE.DE>
From: Thomas Biege <thomas@SUSE.DE>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
I spend alot o' time for security checks on hylafax-v4.0pl2 for SuSE
Linux.
I'll tell you, that there are some more scary holes in it.
After our maintainer of hylafax makes my patch work with the
_new_ version of hylafax and the author of hylafax gets my report + patch
I'll make it public.
BTW, it would be nice, if you'll behave the same way. 1.) notice the
author/vendors and 2.) make it public.
Brock, check out a CGI script called faxsurvey. More then a year ago I
posted a remote cmd. exec. exploit to bugtraq. I think it isn't fixed till
now. The script wouldn't be installed on SuSE Linux.
last notice: faxalter isn't installed SUID on SuSE Linux, and doesn't have
to, because the server has uid uucp and calls faxalter, AFAIR.
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
